CVSS 3.1 Score 10.0 of 10 (high)


Published Jul 21, 2023
Updated: Feb 1, 2024


CVE-2023-37903 is a vulnerability in the open source vm/sandbox for Node.js called vm2. Versions up to and including 3.9.19 are affected. Attackers can exploit the Node.js custom inspect function to escape the sandbox and execute arbitrary code, potentially leading to Remote Code Execution. There are no available patches or workarounds, so users are advised to switch to alternative software. The vulnerability has a high risk score of 73, based on its critical severity and potential impact on integrity, confidentiality, and availability.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-37903 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options