11 matches found
Node.js Module vm2 < 3.9.11 Sandbox Breakout
The version of the Node.js module vm2 installed on the remote host is prior to 3.9.11. It is, therefore affected by a sandbox breakout vulnerability. Untrusted code can break out of the sandbox created by the affected vm2 module and execute arbitrary code on the host system. Note that Nessus has...
Critical RCE Flaw Reported in Spotify's Backstage Software Catalog and Developer Platform
Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability CVSS score: 9.8, at its core, takes advantage of a critical sandbox escape in vm2...
Exploit for Improper Control of Dynamically-Managed Code Resources in Vm2_Project Vm2
Exploit-For-CVE-2022-36067 This repo contains payload for the...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that use the Box connector may be vulnerable to arbitrary code execution due to [CVE-2022-36067]
Summary Node.js module vm2 is used by the Box connector in IBM App Connect Enterprise Certified Container IntegrationServer operands. IBM App Connect Enterprise Certified Container IntegrationServer operands that use the Box connector may be vulnerable to arbitrary code injection. This bulletin...
Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox
A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host...
Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.1 security update and bug fixes
Multicluster Engine for Kubernetes 2.1.1 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes
Multicluster Engine for Kubernetes 2.0.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2022-36067 vm2 vulnerable to Sandbox Escape before v3.9.11
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of...
CVE-2022-36067 vm2 vulnerable to Sandbox Escape before v3.9.11
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of...
CVE-2022-36067
CVE-2022-36067 (vm2) is a Node.js sandbox vulnerability in the vm2 library. In versions prior to 3.9.11, the sandbox protections can be bypassed, allowing a threat actor to gain remote code execution on the host running the sandbox. The issue has been fixed in vm2 3.9.11. The Initial Description ...
CVE-2022-36067 vm2 vulnerable to Sandbox Escape before v3.9.11
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of...