Description

Wasmer is a web assembly (wasm) Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both `oflags::creat` and `rights::fd_write`. Programs can also crash the runtime by creating a symlink pointing outside with `path_symlink` and `path_open`ing the link. This issue has been addressed in commit `b9483d022` which has been included in release version 4.3.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-06-19T19:55:26.111Z

Last Modified :

2024-08-02T04:04:25.282Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-38358 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-38358.

URL Resource
https://github.com/wasmerio/wasmer/commit/b9483d022c602b994103f78ecfe46f017f8ac662 cve-icon cve-icon cve-icon
https://github.com/wasmerio/wasmer/security/advisories/GHSA-55f3-3qvg-8pv5 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact