CVE-2023-51661

Published: Dec 22, 2023

Modified: Apr 17, 2025

PUBLISHED

CVSS v3.1

8.4

HIGH

Description

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4.

Vendor	Product	Versions
wasmerio	wasmer	affected `>= 3.0.0, < 4.2.4`

Weaknesses (CWE)

CWE-284

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j

x_refsource_CONFIRM

https://github.com/wasmerio/wasmer/issues/4267

x_refsource_MISC

https://github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0dbf3c

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-51661

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References