Sandbox breakout can lead to remote code execution, researchers warn

A bug in vm2, a sandbox for testing untrusted JavaScript code, makes it possible for malicious parties to circumvent the library’s security controls and carry out remote code execution (RCE) attacks, a group of researchers have found.

vm2’s GitHub page describes the library as “a sandbox that can run untrusted code with whitelisted Node's built-in modules. Securely!”

However, CISPA Helmholtz Center for Information Security, a cybersecurity research group in Germany, found that the library is open to prototype pollution attacks.

Prototype pollution is a kind of vulnerability in JavaScript and other object-based languages that allows attackers to run arbitrary code by dynamically injecting properties into sensitive objects.

Sandbox breakout

A proof-of-concept (PoC) on Snyk shows how a few lines of code can exploit the vulnerability in vm2 to carry out a prototype pollution and RCE attack on the host.

While the bug has been filed as ‘prototype pollution’, Cristian-Alexandru Staicu, one of the researchers who helped discover and report the bug, told The Daily Swig that a better title would be “sandbox breakout”.


RELATED Prototype pollution vulnerabilities rife among high-traffic websites, study finds


“In the PoC published by Snyk, we show both a prototype pollution payload and an arbitrary code execution. They are both the result of sandbox breakout,” Staicu said. “vm2 is supposed to prevent access to the global object/privileged operations (e.g., require), and we show how an attacker might get around this security control.”

While the vulnerability does not provide root access to the host device, it gives complete access to the Node.js API, something vm2 is trying to restrict, Staicu explained.

Recurring bug

The team found the bug during a months-long project investigating vulnerabilities in JavaScript sandboxes.

In March, they reported a sandbox breakout bug in isolated-vm, another sandbox, which allowed attackers to obtain a reference to the ‘function’ object of the Node.js context.

They’ve found similar bugs in at least three other sandbox libraries, Staicu said, though he couldn’t share details since the disclosure process with the relevant developers remains ongoing and patches are yet to be released.

“Our results so far show that sandboxing JavaScript code with ES6 proxies is hard,” he said. “We found breakouts in most of the systems we analyzed, so one must be very careful when executing malicious code using these libraries.”


YOU MAY ALSO LIKE Historic scientific notation bug foils WAF defenses