vm2
cpe:2.3:a:vm2_project:vm2:*:*:*:*:node.js:*:*
- >= 3.9.6, <= 3.10.5
A vulnerability in vm2 versions 3.9.6 prior to 3.10.5 allows for sandbox escape and prototype pollution. The issue arises because vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes. It forwards sandbox writes into the underlying host objects using otherReflectSet() and otherReflectDefineProperty(). This behavior enables attacker-controlled JavaScript running in a default VM or inherited NodeVM to modify shared host prototypes, including Object.prototype, Array.prototype, and Function.prototype, from within the sandbox.
Exploitation of this vulnerability leads to unauthorized modification of shared host prototypes, allowing for prototype pollution and potential sandbox escape.
To reproduce this vulnerability, create a new VM instance using the vm2 library. Run a script that accesses the host's intrinsic prototypes through a series of method calls that bypass vm2's default protections. Once a proxy to a host prototype is obtained, use the VM's bridge methods to write data into the prototype, effectively polluting it. After the prototype is modified, the changes can be observed in the host environment, demonstrating the successful exploitation of the vulnerability.
Users can upgrade to vm2 version 3.11.0 or later to address this vulnerability.
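Upgrading is the fix; the following host-side canary is an added example written for this page (not vm2 code and not part of the original advisory) that a test suite can use to confirm that a sandbox run has not altered `Object.prototype`, `Array.prototype` or `Function.prototype`. It snapshots the own-property descriptors of those prototypes, runs an `untrusted` callback that stands in for the sandbox invocation (the real vm2 call would go where the callback is invoked), and reports every key that was added, removed or redefined. The watched list and the callback are assumptions; the benign input at the bottom is constructed.

```javascript
// Added example (not vm2 code): detect host-realm prototype pollution around a
// sandbox run by diffing own-property descriptors before and after.
const WATCHED_PROTOTYPES = {
  'Object.prototype': Object.prototype,
  'Array.prototype': Array.prototype,
  'Function.prototype': Function.prototype,
};

// Capture every own property (string and symbol keys) with its full descriptor.
function snapshot(target) {
  const out = new Map();
  for (const key of Reflect.ownKeys(target)) {
    out.set(key, Object.getOwnPropertyDescriptor(target, key));
  }
  return out;
}

// Two descriptors are equal only if value/getter/setter and all flags match,
// so a redefined method or a flipped `writable` flag is caught, not just new keys.
function sameDescriptor(a, b) {
  return Object.is(a.value, b.value) && a.get === b.get && a.set === b.set &&
    a.writable === b.writable && a.enumerable === b.enumerable &&
    a.configurable === b.configurable;
}

// Report keys that were added, removed, or whose descriptor changed.
function diffSnapshots(before, after) {
  const changes = [];
  for (const [key, desc] of before) {
    if (!after.has(key)) {
      changes.push({ key: String(key), change: 'removed' });
    } else if (!sameDescriptor(desc, after.get(key))) {
      changes.push({ key: String(key), change: 'modified' });
    }
  }
  for (const key of after.keys()) {
    if (!before.has(key)) changes.push({ key: String(key), change: 'added' });
  }
  return changes;
}

// Run `untrusted` (stand-in for the sandbox invocation) and return the findings;
// an empty list means the watched host prototypes are intact. The diff is taken
// even when the untrusted code throws, since pollution may precede the throw.
function checkPrototypes(untrusted) {
  const before = {};
  for (const [name, proto] of Object.entries(WATCHED_PROTOTYPES)) {
    before[name] = snapshot(proto);
  }
  let error = null;
  try {
    untrusted();
  } catch (e) {
    error = e;
  }
  const findings = [];
  for (const [name, proto] of Object.entries(WATCHED_PROTOTYPES)) {
    for (const c of diffSnapshots(before[name], snapshot(proto))) {
      findings.push({ prototype: name, ...c });
    }
  }
  return { findings, error };
}

// Constructed benign run: nothing on the host prototypes changes.
console.log(checkPrototypes(() => [1, 2, 3].map((x) => x * 2)).findings); // []
```

Wire `checkPrototypes` around each sandbox invocation in integration tests and fail the build on a non-empty `findings` list; a non-null `error` is reported separately so that a thrown exception cannot mask a preceding prototype write. The check is a detection aid for a specific symptom, not a substitute for moving to a fixed vm2 release.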