vm2 Node.js Sandbox Escape Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability in vm2 version 3.10.5 allows for a bypass of the NodeVM's require.root path restriction using filesystem symlinks. This flaw enables sandboxed code to load modules from outside the designated root directory into the host context. The issue arises because path validation employs path.resolve(), which does not follow symlinks, while module loading utilizes Node's require(), which does. As a result, an attacker can load arbitrary host-realm modules, leading to remote code execution. The vulnerability is present in vm2, an open-source virtual machine/sandbox for Node.js, and has been patched in version 3.11.0.

Impact

Exploitation of this vulnerability allows for unauthorized sandbox escape, enabling the loading of arbitrary modules from outside the allowed root directory into the host context. This can be leveraged to execute arbitrary commands on the host system, achieving remote code execution. The vulnerability also completely bypasses the require.root restriction, which is the primary defense against module loading attacks. The issue is particularly concerning in production environments, as package managers like pnpm, npm workspaces, and npm link can create the necessary symlink conditions for exploitation.

Reproduction

To reproduce this vulnerability, create a symlink inside a Node.js project that points to a directory outside the project's root. This can be done using npm link or by creating a pnpm workspace. Once the symlink is established, load the vm2 package in a NodeVM instance with the context set to 'host' and the require.root option pointing to the directory containing the symlink. When the sandboxed code is executed, it will traverse the symlink, bypassing the root restriction and allowing access to modules outside the allowed directory.

Remediation

Users can upgrade to vm2 version 3.11.0 or later, where this vulnerability has been fixed.

Added: May 13, 2026, 7:55 PM
Updated: May 13, 2026, 7:55 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 10.0
exploitability: 5.6
remediation: 7.7
relevance: 8.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.