October 12, 2022
A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine.
“A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox,” GitHub said in an advisory published on September 28, 2022.
The
“A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox,” GitHub said in an advisory published on September 28, 2022.
The
Article posted by: https://thehackernews.com/2022/10/researchers-detail-critical-rce-flaw.html
——————————————————————————————————————–
Infocerts, 5B 306 Riverside Greens, Panvel, Raigad 410206 Maharashtra, India
Contact us – https://www.infocerts.com
