CVE-2019-10761
Published: 13 July 2022
Summary
CVE-2019-10761 is a high-severity Uncontrolled Recursion (CWE-674) vulnerability in the vm2 package (vendor: Vm2 Project). Its CVSS base score is 8.3 (High).
Operationally, it is ranked in the top 25.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-6434
Vulnerability details
This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code running the script, allowing it to spawn a child_process and execute arbitrary code.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.