GHSA-g6w6-h933-4rc5: Soketi was exposed to Sandbox Escape vulnerability via vm2

Impact

What kind of vulnerability is it? Who is impacted?
Anyone who might have used Soketi with the cluster driver (or through PM2).

Patches

Has the problem been patched? What versions should users upgrade to?
Get the latest version of Soketi.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?
None. It’s advised to upgrade to the latest version.

References

Are there any links users can visit to find out more?

  • https://github.com/advisories/GHSA-cchq-frgv-rjh5
  • https://github.com/patriksimek/vm2/issues/533
  • https://github.com/Unitech/pm2/issues/5643

Package

@soketi/soketi (npm)

Affected versions

< 1.6.0

Patched versions

1.6.0


References

  • GHSA-g6w6-h933-4rc5
  • Unitech/pm2#5643
  • patriksimek/vm2#533
  • soketi/soketi#927
  • soketi/soketi@de12bff
  • GHSA-cchq-frgv-rjh5
  • https://github.com/soketi/soketi/releases/tag/1.6.0

  • rennokki published to soketi/soketi: Aug 3, 2023
  • Published to the GitHub Advisory Database: Aug 3, 2023
  • Reviewed: Aug 3, 2023
  • Last updated: Aug 3, 2023
