#sandboxescape — Public Fediverse posts

vm2 Library Vulnerabilities Enable Sandbox Escape and Code Execution

A dozen critical vulnerabilities in the vm2 Node.js library can be exploited by hackers to break free from sandbox restrictions and run malicious code on vulnerable systems. This serious security flaw has been assigned high CVSS scores, emphasizing the urgent need for users to patch their systems.

https://osintsights.com/vm2-library-vulnerabilities-enable-sandbox-escape-and-code-execution?utm_source=mastodon&utm_medium=social

#Nodejs #Vm2Library #SandboxEscape #CodeExecution #Cve202624118

Chrome Sandbox Escape Earns Researcher $250,000 https://www.securityweek.com/chrome-sandbox-escape-earns-researcher-250000/ #bugbountyprogram #Vulnerabilities #sandboxescape #vulnerability #bugbounty #Chrome

Chrome Sandbox Escape Earns Researcher $250,000 https://www.securityweek.com/chrome-sandbox-escape-earns-researcher-250000/ #bugbountyprogram #Vulnerabilities #sandboxescape #vulnerability #bugbounty #Chrome

🚨​ [#PatchNow] New VM2 #SandboxEscape... Two critical vulns are out in the #VM2 #Sandbox Library. These flaws affect all versions prior to 3.9.17 and both carry a CVSS score of 9.8.

If exploited, a threat actor could escape protection boundaries and execute arbitrary code. A patch has been released. so get it and update: https://www.bleepingcomputer.com/news/security/new-sandbox-escape-poc-exploit-available-for-vm2-library-patch-now.

These two CVEs (CVE-2023-29199 and CVE-2023-30547) were discovered by Seung Hyun Lee.

https://nvd.nist.gov/vuln/detail/CVE-2023-29199

https://nvd.nist.gov/vuln/detail/CVE-2023-30547

#infosec #patchmanagement #riskmitigation