Security researchers from Oxeye have discovered a critical remote code execution flaw in vm2, a JavaScript sandbox library. Tracked as CVE-2022-36067, the flaw has been given a CVSS score of 10. On successful exploitation, this flaw could allow attackers to escape the vm2 sandbox environment and run shell commands on the machine hosting the sandbox. … Continue reading “vm2 NPM Package Remote Code Execution Vulnerability (CVE-2022-36067) (Sandbreak)”
