Mirage News
Mirage News
National
 Date Time

Remote code execution vulnerability present in vm2 sandbox

Australian Cyber Security Centre

Background /What has happened?

A remote code execution vulnerability (CVE-2022-36067) has been identified in vm2 sandbox versions prior to 3.9.11.

vm2 is a commonly used software testing framework. The popular Javascript sandbox library has at least 16 million monthly downloads.

Exploitation of this vulnerability could allow a malicious actor to bypass the sandbox protections to gain remote code execution rights on the host running the sandbox and perform unauthorised actions.

Affected Australian organisations should apply the available patch immediately.

The ACSC is not aware of any successful exploitation attempts against Australian organisations.

Mitigation / How do I stay secure?

Australian organisations that use vm2 sandbox versions prior to 3.9.11 should review their patch status and update to the latest version. There are no known workarounds.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and can provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.

/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.
Tags: , , , , , , ,

You might also like

Benefits of Creative Hobbies: Exploring Arts and Crafts
Cat Mayor for Two Decades: Feline Leader in U.S. State
Owls at Dawn: Health Risks of Late-Night Lifestyle
Jungles to Barren Deserts: Extremes of Nature's Offering
Secret Life of Colors: Science, Perception and Emotion
Unveiling the Secrets: Lessons from Top Entrepreneurs