A vulnerability exists in the source code transformer (exception sanitization logic) of vm2 in versions up to and including 3.9.15. An attacker can bypass handleException() and leak unsanitized host exceptions, which can then be used to escape the sandbox and run arbitrary code in the host context.
This issue has been addressed in the following products:

multicluster engine for Kubernetes 2.0 for RHEL 8: RHSA-2023:1893, https://access.redhat.com/errata/RHSA-2023:1893
multicluster engine for Kubernetes 2.1 for RHEL 8: RHSA-2023:1894, https://access.redhat.com/errata/RHSA-2023:1894
multicluster engine for Kubernetes 2.2 for RHEL 8: RHSA-2023:1887, https://access.redhat.com/errata/RHSA-2023:1887
Red Hat Advanced Cluster Management for Kubernetes 2.5 for RHEL 8: RHSA-2023:1896, https://access.redhat.com/errata/RHSA-2023:1896
Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8: RHSA-2023:1897, https://access.redhat.com/errata/RHSA-2023:1897
Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8: RHSA-2023:1888, https://access.redhat.com/errata/RHSA-2023:1888
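The Red Hat errata above cover only Red Hat's own products. For a Node.js project that bundles vm2 itself, the practical question is whether any copy of vm2, including transitive copies nested under other dependencies, falls in the affected range (up to and including 3.9.15). The script below is an added example written for this page; it is not vm2 project code or Red Hat tooling. It reads an npm package-lock.json (lockfileVersion 1 "dependencies" tree or lockfileVersion 2/3 "packages" map, both real npm formats) and reports every vm2 install in the affected range. The embedded sample lockfile and the dependency name "some-plugin" are constructed for illustration.

```javascript
// Added example (not vm2 or Red Hat code): find vm2 installs in the affected
// range (<= 3.9.15, per the advisory text) in an npm package-lock.json.
"use strict";

// Last affected version stated by the advisory text.
const LAST_AFFECTED = "3.9.15";

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into numeric parts.
// Build metadata is ignored; a prerelease sorts below its release (semver rule).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Returns -1, 0 or 1 like a comparator. Prerelease ordering is simplified
// (string comparison), which is enough for a triage script on lockfile data.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i] ? -1 : 1;
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;   // release > prerelease of the same version
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

function isAffectedVm2Version(version) {
  return compareVersions(version, LAST_AFFECTED) <= 0;
}

// Walk a lockfile and return every vm2 install (top-level or nested) with a verdict.
function findVm2Installs(lock) {
  const found = [];
  if (lock.packages) {                         // lockfileVersion 2 or 3
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === "" || !path.endsWith("node_modules/vm2")) continue;
      found.push({ path, version: entry.version, affected: isAffectedVm2Version(entry.version) });
    }
  } else if (lock.dependencies) {              // lockfileVersion 1 nested tree
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (name === "vm2") {
          found.push({ path, version: entry.version, affected: isAffectedVm2Version(entry.version) });
        }
        if (entry.dependencies) walk(entry.dependencies, path + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return found;
}

// Constructed sample lockfile (not from any real project): the top-level vm2 is
// above the affected range, but a hypothetical dependency "some-plugin" pins an
// older copy that npm installed nested under it.
const SAMPLE_LOCK = {
  name: "example-app", lockfileVersion: 3, requires: true,
  packages: {
    "": { name: "example-app", dependencies: { vm2: "^3.9.16", "some-plugin": "1.0.0" } },
    "node_modules/vm2": { version: "3.9.16" },
    "node_modules/some-plugin": { version: "1.0.0", dependencies: { vm2: "~3.9.11" } },
    "node_modules/some-plugin/node_modules/vm2": { version: "3.9.11" },
  },
};

// "path@version" for every affected install, in lockfile order.
function affectedInstalls(lock) {
  return findVm2Installs(lock).filter((i) => i.affected).map((i) => `${i.path}@${i.version}`);
}

// Usage: node check-vm2.js [path/to/package-lock.json]; without an argument the sample is used.
if (typeof require !== "undefined" && require.main === module) {
  const lock = process.argv[2]
    ? JSON.parse(require("fs").readFileSync(process.argv[2], "utf8"))
    : SAMPLE_LOCK;
  const bad = affectedInstalls(lock);
  console.log(bad.length ? `affected vm2 installs:\n  ${bad.join("\n  ")}` : "no affected vm2 installs");
  process.exitCode = bad.length ? 1 : 0;
}
```

The nested-copy case is the one that slips past a quick `npm ls vm2` glance at the top level: a dependency that pins an old vm2 keeps the affected version installed even after the application's own requirement is raised, so the check walks every `node_modules/vm2` path rather than only the root entry.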