Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Critical Vulnerability in VM2 Library

April 10, 2023
Reading Time: 2 mins read
in Alerts

 

The VM2 library, used to securely run untrusted JavaScript code on Node.js servers, has been found to have a critical vulnerability that allows remote code execution. The issue received the maximum severity score of 10.0 and impacts all versions of VM2 from 3.9.14 and older.

The vulnerability was discovered by the research team at Korea Advanced Institute of Science and Technology (KAIST).

A new version of the library, 3.9.15, has been released to fix the issue, but proof-of-concept exploit code has already been released by KAIST Ph.D student Seongil Wi on GitHub, demonstrating the ability to bypass sandbox protections and execute commands to create arbitrary files on the host system.

VM2 is widely used in various JavaScript-related products, including integrated development environments (IDEs), code editors, function-as-a-service (FaaS) solutions, pen-testing frameworks, and security tools, and has more than 16 million monthly downloads via the NPM package repository.

In October 2022, another critical flaw, CVE-2022-36067, was found in VM2, allowing attackers to run commands on the host system, which was swiftly fixed with a new version of the library.

Users of VM2 are advised to update to the latest version of the library to mitigate the risk of exploitation.

This incident highlights the importance of regularly updating software and promptly addressing any security vulnerabilities that are identified, as even seemingly minor vulnerabilities can be exploited by cybercriminals to cause significant damage to organizations and individuals.

 

Reference:
  • Sandbox Escape

Tags: April 2023Cyber AlertCyber Alerts 2023JavascriptKoreaNode.jsVM2 LibraryVulnerabilities
ADVERTISEMENT

Related Posts

Windows Cloud Files Minifilter Exploited

Cloaked AI Attack Makes Crawlers Cite Lies

October 30, 2025
Windows Cloud Files Minifilter Exploited

Windows Cloud Files Minifilter Exploited

October 30, 2025
Windows Cloud Files Minifilter Exploited

PhantomRaven Npm Campaign Hides Bad Code

October 30, 2025
Paterson & Dowding Data Breach Confirmed

Npm Packages Steal Developer Logins

October 29, 2025
Paterson & Dowding Data Breach Confirmed

Android Trojan Herodotus Outsmarts Systems

October 29, 2025
Paterson & Dowding Data Breach Confirmed

X Warns Users To Re-enroll Keys Soon

October 29, 2025

Latest Alerts

PhantomRaven Npm Campaign Hides Bad Code

Cloaked AI Attack Makes Crawlers Cite Lies

Windows Cloud Files Minifilter Exploited

Npm Packages Steal Developer Logins

Android Trojan Herodotus Outsmarts Systems

X Warns Users To Re-enroll Keys Soon

Subscribe to our newsletter

    Latest Incidents

    Canada Warns Hackers Breach Critical ICS

    Family Health West Hit By Cyberattack

    Tasmanian Gov Agencies Hit By Cyber Attack

    Schneider And Emerson Hit By Oracle Hack

    M-TIBA Faces Possible Data Breach

    Paterson & Dowding Data Breach Confirmed

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial