Enclave Sandbox Escape Vulnerability in Error Prototype Chain Allowing Arbitrary Code Execution

A critical sandbox escape vulnerability has been identified in Enclave's JavaScript execution environment, specifically in versions prior to 2.7.0. This vulnerability allows untrusted, sandboxed JavaScript to execute arbitrary code in the host Node.js runtime. The issue arises because, when a tool invocation fails, enclave-vm exposes a host-side Error object to the sandboxed code. This Error object retains its host realm prototype chain, which can be traversed to access the host Function constructor. An attacker can intentionally trigger a host error, climb the prototype chain, and use the Function constructor to execute malicious JavaScript in the host context. This bypasses the sandbox's security measures and can lead to unauthorized access to sensitive resources such as environment variables, the filesystem, and network capabilities.

Impact

Exploitation of this vulnerability allows for arbitrary code execution in the host Node.js environment, bypassing the Enclave sandbox and accessing sensitive resources like environment variables, the filesystem, and network.

Reproduction

The vulnerability can be reproduced by invoking a non-existent tool, which triggers a host error. The exposed Error object can then be used to climb the prototype chain to reach the host Function constructor, where arbitrary code can be executed.

Remediation

Users can upgrade to Enclave version 2.7.0 or later, where this vulnerability has been fixed.