Aggregates CVE and security vulnerability intelligence across all Agoric-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include input validation, with potential impact including unexpected behavior across software deployment and production workload use cases.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-39532 | SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. Guest pr | [email protected] | 9.8 | 1.80% | 2023-08-08 | 2024-11-21 |
| CVE-2021-23594 | All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. | [email protected] | 9.8 | 0.56% | 2022-01-10 | 2024-11-21 |
| CVE-2021-23543 | All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. | [email protected] | 9.8 | 0.56% | 2022-01-10 | 2024-11-21 |