Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution

19 April 2023

A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of the sandbox protections. Both the flaws – CVE-2023-29199 and CVE-2023-30547 – are rated 9.8 out of 10 on the CVSS scoring system and have been addressed in versions 3.9.16 and 3.9.17, respectively.

Read full article on The Hacker News

Date:

19 April 2023

Categorie(s):

NEWS

Tag(s):

Critical Flaws, IT, Leads, Library, Remote Code Execution

97% of security leaders have increased SaaS security budgets3 May 2024
New infosec products of the week: May 3, 20243 May 2024
Chinese government website security is often worryingly bad, say Chinese researchers3 May 2024
Security Excellence Awards – winners revealed!3 May 2024
McAfee Dominates AV-Comparatives PC Performance Test3 May 2024