Vulnerabilities > CVE-2023-51661 - Unspecified vulnerability in Wasmer

CVSS 8.6 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wasmer

NVD

Published: 2023-12-22

Updated: 2024-01-03

Summary

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4.

Vulnerable Configurations

Part	Description	Count
Application	Wasmer Wasmer Wasmer *	1

References

https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j
https://github.com/wasmerio/wasmer/issues/4267
https://github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0dbf3c