GMS-2019-49: Sandbox Breakout in realms-shim

October 21, 2019 (updated September 2, 2021)

Versions of realms-shim are vulnerable to a Sandbox Breakout. The Realms evaluation function has an option to apply Babel-like transformations to the source code before it reaches the evaluator. One portion of this transform pipeline exposed a primal-Realm object to the rewriting function. Confined code which used the evaluator itself could provide a malicious rewriter function that captured this object, and use it to breach the sandbox. Upgrade to or later.

References

github.com/Agoric/realms-shim/security/advisories/GHSA-7cg8-pq9v-x98q
github.com/advisories/GHSA-7cg8-pq9v-x98q
snyk.io/vuln/SNYK-JS-REALMSSHIM-536069
www.npmjs.com/advisories/1218

Detect and mitigate GMS-2019-49 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →