vm2 Sandbox Boundary Violation via Host Promise Resolution

Vulnerability

A sandbox boundary violation has been identified in vm2, an open-source virtual machine/sandbox for Node.js, affecting versions through 3.10.5. The vulnerability allows host object identity to cross into the sandbox via host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox's .then() callback retains the host identity. This enables the sandbox to interact directly with the host object, including conducting identity checks using host-side WeakMap and altering host object state from within the sandbox. The issue arises because the Promise fulfillment wrapper employs ensureThis() instead of the more robust cross-realm conversion path. Consequently, objects resolved by host Promises can breach the sandbox boundary without adequate isolation, undermining the intended security guarantees of vm2.

Impact

Exploitation of this vulnerability allows host object references to cross the vm2 sandbox boundary via Promise resolution, leading to unauthorized access and modification of host objects. This includes disclosure of host object identities, unauthorized mutations of host object states, and potential leaks of sensitive host objects if they are accessible through Promises.

Reproduction

To reproduce this vulnerability, create a host object and a host Promise that resolves to that object. Then set up a vm2 instance whose sandbox exposes that Promise together with a host-side WeakMap keyed on the object. When the sandbox awaits the Promise, the value delivered to its .then() callback is the host object itself rather than a sandbox-side wrapper: a WeakMap lookup on the delivered value succeeds, confirming that identity was preserved, and mutating a property on it is reflected on the original host object.
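The probe described above, as an added example that is not vm2's own code: a simplified model of the two fulfillment paths the advisory contrasts (identity passthrough versus a boundary-preserving wrapper), with a check that reports whether host identity or host state leaks to the sandbox. All names are constructed, and the wrappers are illustrative rather than vm2's actual contextify logic.

```javascript
// Added example (not vm2's code): minimal model of the two Promise
// fulfillment paths plus the identity/mutation probe from the advisory.

// Naive path: the resolved host value reaches the sandbox unchanged, so
// host identity (and with it, host state) crosses the boundary.
function passThroughWrap(value) {
  return value;
}

// Isolating path: the sandbox receives a proxy instead of the host object.
// Reads are forwarded; writes land in a sandbox-side overlay so the host
// object is never altered (simplified model of cross-realm conversion).
function isolatingWrap(value) {
  if (value === null || typeof value !== 'object') return value;
  const overlay = new Map();
  return new Proxy(value, {
    get(target, prop) {
      return overlay.has(prop) ? overlay.get(prop) : Reflect.get(target, prop);
    },
    set(target, prop, v) {
      overlay.set(prop, v);
      return true; // report success without touching the host object
    },
  });
}

// Probe: emulate what the sandbox's .then() callback would receive and
// check both leak conditions from the advisory: host-side WeakMap identity
// and write-through mutation of the host object.
function probeBoundary(wrap) {
  const hostObj = { flag: 'original' };           // constructed host object
  const hostMap = new WeakMap([[hostObj, true]]); // host-side identity registry
  const delivered = wrap(hostObj);                // value the sandbox sees
  const identityLeaked = hostMap.has(delivered);
  delivered.flag = 'changed-by-sandbox';
  const mutationLeaked = hostObj.flag === 'changed-by-sandbox';
  return { identityLeaked, mutationLeaked, sandboxView: delivered.flag };
}

// The same identity check driven through a real host Promise.
async function probeViaPromise(wrap) {
  const hostObj = { flag: 'original' };
  const hostMap = new WeakMap([[hostObj, true]]);
  const delivered = await Promise.resolve(hostObj).then(wrap);
  return hostMap.has(delivered); // true means identity crossed the boundary
}
```

A patched sandbox should behave like `isolatingWrap` here: the WeakMap lookup fails and the host object's property is unchanged after the sandbox writes to it.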

Remediation

Users are advised to update vm2 to version 3.11.0 or later, where this vulnerability has been fixed.

Added: May 13, 2026, 7:53 PM
Updated: May 13, 2026, 7:53 PM

Vulnerability Rating

Custom Algorithm

spread:         6.6
impact:         1.7
exploitability: 6.0
remediation:    7.7
relevance:      8.2
threat:         6.4
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.