CVE-2023-51661
HIGH
8,4
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0035
Percentile
0,6th
Updated
EPSS Score Trend (Last 90 Days)
284
Improper Access Control
IncompleteCommon Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
Technologies:
ICS/OT, Not Technology-Specific, Web Based
Application
Wasmer by Wasmer
Version Range Affected
From
3.0.0
(inclusive)
To
4.2.4
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:wasmer:wasmer:*:*:*:*:*:rust:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0db…
https://github.com/wasmerio/wasmer/issues/4267
https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j
https://github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0db…
https://github.com/wasmerio/wasmer/issues/4267
https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j