Sandbox Breakout in realms-shim

Critical severity GitHub Reviewed Published Oct 16, 2019 in Agoric/realms-shim • Updated Jan 9, 2023

Package

realms-shim (npm)

Affected versions

< 1.2.1

Patched versions

1.2.1

Description

Versions of realms-shim prior to 1.2.1 are vulnerable to a Sandbox Breakout. The Realms evaluation function has an option to apply Babel-like transformations to the source code before it reaches the evaluator. One portion of this transform pipeline exposed a primal-Realm object to the rewriting function. Confined code which used the evaluator itself could provide a malicious rewriter function that captured this object, and use it to breach the sandbox.

Recommendation

Upgrade to version 1.2.1 or later.

References

@warner warner published to Agoric/realms-shim Oct 16, 2019
Published to the GitHub Advisory Database Oct 21, 2019
Reviewed Jun 16, 2020
Last updated Jan 9, 2023

Severity

Critical 9.8 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-7cg8-pq9v-x98q

Source code
