CVE-2023-51661: Wasmer filesystem sandbox not enforced
As of Wasmer version v4.2.3, Wasm programs can access the filesystem outside of the sandbox.
References
- github.com/advisories/GHSA-4mq4-7rw3-vm5j
- github.com/wasmerio/wasmer
- github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0dbf3c
- github.com/wasmerio/wasmer/commit/e3923612c23123025c26f982d390e34df7df030f
- github.com/wasmerio/wasmer/issues/4267
- github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j
- nvd.nist.gov/vuln/detail/CVE-2023-51661