Summary
Twelve critical vulnerabilities have been disclosed in the Node.js sandboxing library vm2. They allow attackers to escape the sandbox and execute arbitrary code on the host. Public proof-of-concept exploits are available.
Take Action:
If you use vm2 to run untrusted code, update to version 3.11.2 ASAP. Given the repeated sandbox escapes in this library, consider moving high-risk script execution to more secure isolation layers like gVisor or lightweight virtual machines.
This article was originally published on BeyondMachines