Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

by admin
October 11, 2022
in Ethical Hackers


A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine.

“A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox,” GitHub said in an advisory published on September 28, 2022.

The issue, tracked as CVE-2022-36067 and codenamed Sandbreak, carries a maximum severity rating of 10 on the CVSS vulnerability scoring system. It has been addressed in version 3.9.11 released on August 28, 2022.

vm2 is a popular Node library used to run untrusted code with an allowlist of built-in modules. It is also one of the most widely downloaded packages on npm, with nearly 3.5 million downloads per week.

The shortcoming is rooted in the error-handling mechanism of Node.js, which can be leveraged to escape the sandbox, according to application security firm Oxeye, which discovered the flaw.

This means that successful exploitation of CVE-2022-36067 could permit an attacker to bypass the vm2 sandbox environment and run shell commands on the system hosting the sandbox.

Given the critical nature of the vulnerability, users are advised to update to the latest version as soon as possible to mitigate possible threats.
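One practical first step is finding every copy of vm2 in a project, including transitive ones, that predates the fixed release. The script below is an added example and is not code from the article, Oxeye, GitHub or the vm2 project; it reads an npm package-lock.json in lockfile version 2 or 3 format, and the embedded sample lockfile and the package name "some-runner" are constructed for illustration.

```javascript
// Added example, not code from the article, Oxeye, GitHub or the vm2 project.
// Scans an npm package-lock.json (lockfileVersion 2 or 3, "packages" map) for
// every copy of vm2 older than 3.9.11, the release that fixed CVE-2022-36067.
// Transitive copies count too: vm2 is usually pulled in indirectly.
const FIXED_VERSION = '3.9.11';

// Numeric compare of dotted versions (pre-release suffix ignored): -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Return every vm2 install path in the lockfile whose version predates the fix.
function findVulnerableVm2(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/vm2') || !meta.version) continue;
    if (compareVersions(meta.version, FIXED_VERSION) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: the direct vm2 dependency is patched, but a
// hypothetical package "some-runner" still bundles its own older copy.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.9.11' },
    'node_modules/some-runner': { version: '2.0.0', dependencies: { vm2: '^3.9.0' } },
    'node_modules/some-runner/node_modules/vm2': { version: '3.9.10' },
  },
};

// Human-readable findings, one line per vulnerable copy.
function auditLock(lock) {
  return findVulnerableVm2(lock).map(
    (h) => `${h.path}: vm2 ${h.version} < ${FIXED_VERSION} (CVE-2022-36067)`
  );
}

auditLock(SAMPLE_LOCK).forEach((line) => console.log(line));
```

To run it against a real project, replace SAMPLE_LOCK with the parsed contents of that project's package-lock.json; lockfile version 1 files use a nested "dependencies" tree instead and are not handled here.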

“Sandboxes serve different purposes in modern applications, such as examining attached files in email servers, providing an additional security layer in web browsers, or isolating actively running applications in certain operating systems,” Oxeye said.

“Given the nature of the use cases for sandboxes, it’s clear that the vm2 vulnerability can have dire consequences for applications that use vm2 without patching.”
