CVE-2024-38358

CVSS V2 None CVSS V3 None
Description
Wasmer is a web assembly (wasm) Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both `oflags::creat` and `rights::fd_write`. Programs can also crash the runtime by creating a symlink pointing outside with `path_symlink` and `path_open`ing the link. This issue has been addressed in commit `b9483d022` which has been included in release version 4.3.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Overview
  • CVE ID
  • CVE-2024-38358
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-06-19T19:55:26.111Z
  • Last Modified Date
  • 2024-06-19T19:55:26.111Z
History
Created Old Value New Value Data Type Notes
2024-06-26 14:48:45 Added to TrackCVE