How severe is CVE-2024-34347?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2024-34347?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2024-34347 - HIGH Severity | CVSS 8.3

Vulnerability Description

@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the vm context can break out if it can get a hold of any reference to an object created outside of the vm. In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. This vulnerability is fixed in 0.8.0.

Related Vulnerabilities

CVE-2020-11789

HIGH

CVSS:8.3(High)

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and...

CWE-772020

CVE-2023-38034

HIGH

CVSS:8.3(High)

A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All...

CWE-772023

CVE-2024-37569

HIGH

CVSS:8.3(High)

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The...

CWE-772024

CVE-2024-41637

HIGH

CVSS:8.3(High)

RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands wi...

CWE-772024

CVE-2025-43012

HIGH

CVSS:8.3(High)

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible

CWE-772025

CVE-2020-14433

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS...

CWE-772020