A vulnerability has been discovered in Backstage, Spotify’s open-source, Cloud Native Computing Foundation (CNCF)-incubated project, that could allow threat actors to perform remote code execution (RCE). The findings come from the Oxeye research team, who exploited a virtual machine (VM) sandbox escape via a third-party library named vm2.
Read full article on Infosecurity