CVE-2024-34347 - OpenCVE

Link	Providers
https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01
https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34347", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-02T06:36:32.437Z", "datePublished": "2024-05-08T14:16:38.206Z", "dateUpdated": "2024-08-02T02:51:10.919Z"}, "containers": {"cna": {"title": "@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE", "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "lang": "en", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr"}, {"name": "https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01", "tags": ["x_refsource_MISC"], "url": "https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01"}], "affected": [{"vendor": "hoppscotch", "product": "hoppscotch", "versions": [{"version": ">= 0.5.0, < 0.8.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-08T14:16:38.206Z"}, "descriptions": [{"lang": "en", "value": "@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the vm context can break out if it can get a hold of any reference to an object created outside of the vm. In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. This vulnerability is fixed in 0.8.0."}], "source": {"advisory": "GHSA-qmmm-73r2-f8xr", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34347", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-08T17:33:34.499969Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hoppscotch:hoppscotch:*:*:*:*:*:*:*:*"], "vendor": "hoppscotch", "product": "hoppscotch", "versions": [{"status": "affected", "version": "0.5.0", "lessThan": "0.8.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:41:42.244Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:10.919Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr"}, {"name": "https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr", "name": "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01", "name": "https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:10.919Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34347", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-08T17:33:34.499969Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hoppscotch:hoppscotch:*:*:*:*:*:*:*:*"], "vendor": "hoppscotch", "product": "hoppscotch", "versions": [{"status": "affected", "version": "0.5.0", "lessThan": "0.8.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-08T17:34:32.484Z"}}], "cna": {"title": "@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE", "source": {"advisory": "GHSA-qmmm-73r2-f8xr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "hoppscotch", "product": "hoppscotch", "versions": [{"status": "affected", "version": ">= 0.5.0, < 0.8.0"}]}], "references": [{"url": "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr", "name": "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01", "name": "https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the vm context can break out if it can get a hold of any reference to an object created outside of the vm. In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. This vulnerability is fixed in 0.8.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-08T14:16:38.206Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34347", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:51:10.919Z", "dateReserved": "2024-05-02T06:36:32.437Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-08T14:16:38.206Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the vm context can break out if it can get a hold of any reference to an object created outside of the vm. In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. This vulnerability is fixed in 0.8.0."}, {"lang": "es", "value": "@hoppscotch/cli es una CLI para ejecutar scripts de prueba de Hoppscotch en entornos de CI. Antes de 0.8.0, el paquete @hoppscotch/js-sandbox proporciona un entorno limitado de Javascript que utiliza el m\u00f3dulo vm de Node.js. Sin embargo, el m\u00f3dulo vm no es seguro para el c\u00f3digo Javascript que no es de confianza. Esto se debe a que el c\u00f3digo dentro del contexto de la m\u00e1quina virtual puede romperse si puede obtener cualquier referencia a un objeto creado fuera de la m\u00e1quina virtual. En el caso de @hoppscotch/js-sandbox, se pasan m\u00faltiples referencias a objetos externos al contexto de la m\u00e1quina virtual para permitir interacciones de scripts de solicitud previa con variables de entorno y m\u00e1s. Pero esto tambi\u00e9n permite que el script de solicitud previa escape del entorno limitado. Esta vulnerabilidad se solucion\u00f3 en 0.8.0."}], "id": "CVE-2024-34347", "lastModified": "2024-05-08T17:05:24.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-08T15:15:11.310", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01"}, {"source": "security-advisories@github.com", "url": "https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object