Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)

Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they immediately patch the vm2 sandbox if they use it in their applications. vm2 Javascript sandbox library vm2 is the most popular Javascript sandbox library, with around 17.5 million monthly downloads. It provides a commonly used software testing framework capable of running untrusted … More

The post Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067) appeared first on Help Net Security.

This article has been indexed from Help Net Security

Read the original article:

Liked it? Take a second to support IT Security News on Patreon!
Become a patron at Patreon!