October 13, 2022
VM2 Patched a Critical Vulnerability That Allows Attackers to Run Code Outside the Sandbox
- CVE-2022-36067 (CVSS 3.1: 10.0, Critical) – Vulnerability in the error mechanism in Node.js.
Successful exploitation might allow an attacker to bypass the vm2 sandbox environment and run shell commands on the system hosting the sandbox.
- Affected: VM2 versions prior to 3.9.11
CYREBRO urges all clients to update to the latest VM2 version (3.9.11) and replace older releases in their projects as soon as possible.
References: VM2 Advisory