GMS-2023-1877: Soketi was exposed to Sandbox Escape vulnerability via vm2
Impact
What kind of vulnerability is it? Who is impacted?
Anyone who might have used Soketi with the cluster driver (or through PM2).
Patches
Has the problem been patched? What versions should users upgrade to? Get the latest version of Soketi.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading? None. It’s advised to upgrade to the latest version.
References
Are there any links users can visit to find out more?
- https://github.com/advisories/GHSA-cchq-frgv-rjh5
- https://github.com/patriksimek/vm2/issues/533
- https://github.com/Unitech/pm2/issues/5643
References
- github.com/Unitech/pm2/issues/5643
- github.com/advisories/GHSA-cchq-frgv-rjh5
- github.com/advisories/GHSA-g6w6-h933-4rc5
- github.com/patriksimek/vm2/issues/533
- github.com/soketi/soketi/commit/de12bff706c0d62e6a57dc1c7be3c4f014d0093a
- github.com/soketi/soketi/pull/927
- github.com/soketi/soketi/releases/tag/1.6.0
- github.com/soketi/soketi/security/advisories/GHSA-g6w6-h933-4rc5
Detect and mitigate GMS-2023-1877 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →