検出

Node.js モジュール vm2 < 3.9.11 サンドボックスの脱出

critical Nessus プラグイン ID 173678

Language:

バージョン 1.5

Jan 5, 2026, 10:40 PM

  • Detection (Added Check for OS Managed Packages)
  • Detection (Exclude certain ZTE CGSL directories by default. Modified Plugins to call Nodejs specific functions for reporting)

Plugin Feed: 202601052240

バージョン 1.4

Oct 7, 2024, 1:27 PM

  • Plugin categorization (adding new 'component' to component plugins)

Plugin Feed: 202410071327

バージョン 1.3

Jun 7, 2024, 12:56 AM

  • Detection (improved logic, fixed bugs, set all plugins to report modules via scratch pad)

Plugin Feed: 202406070056

バージョン 1.2

Apr 20, 2023, 2:13 PM

  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C")
  • Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available")

Plugin Feed: 202304201413

バージョン 1.1

Mar 30, 2023, 2:02 PM

  • CVSS metrics ("CVSSv2 score" changed from 7.5 to 10.0. "CVSSv2 score" changed from 7.5 to 10.0. "CVSSv2 score" changed from 7.5 to 10.0. "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C")
  • Exploit attributes ("Exploit available" set to "False". "Exploit available" set to "False". "Exploitability ease" set to "No known exploits are available". "Exploitability ease" set to "No known exploits are available". "Exploitability ease" set to "No known exploits are available")
  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C")

Plugin Feed: 202303301402

バージョン 1.0

Mar 30, 2023, 10:01 AM

  • New

Plugin Feed: 202303301001

* Changelogs are generally available for changes made after Nov 1, 2022