Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Critical Vulnerability in VM2 Library

April 10, 2023
Reading Time: 2 mins read
in Alerts

 

The VM2 library, used to securely run untrusted JavaScript code on Node.js servers, has been found to have a critical vulnerability that allows remote code execution. The issue received the maximum severity score of 10.0 and impacts all versions of VM2 from 3.9.14 and older.

The vulnerability was discovered by the research team at Korea Advanced Institute of Science and Technology (KAIST).

A new version of the library, 3.9.15, has been released to fix the issue, but proof-of-concept exploit code has already been released by KAIST Ph.D student Seongil Wi on GitHub, demonstrating the ability to bypass sandbox protections and execute commands to create arbitrary files on the host system.

VM2 is widely used in various JavaScript-related products, including integrated development environments (IDEs), code editors, function-as-a-service (FaaS) solutions, pen-testing frameworks, and security tools, and has more than 16 million monthly downloads via the NPM package repository.

In October 2022, another critical flaw, CVE-2022-36067, was found in VM2, allowing attackers to run commands on the host system, which was swiftly fixed with a new version of the library.

Users of VM2 are advised to update to the latest version of the library to mitigate the risk of exploitation.

This incident highlights the importance of regularly updating software and promptly addressing any security vulnerabilities that are identified, as even seemingly minor vulnerabilities can be exploited by cybercriminals to cause significant damage to organizations and individuals.

 

Reference:
  • Sandbox Escape

Tags: April 2023Cyber AlertCyber Alerts 2023JavascriptKoreaNode.jsVM2 LibraryVulnerabilities
ADVERTISEMENT

Related Posts

Redis Use After Free Bug Enables RCE

Google Chrome RCE Flaw Details Leak

October 8, 2025
Redis Use After Free Bug Enables RCE

Redis Use After Free Bug Enables RCE

October 8, 2025
Redis Use After Free Bug Enables RCE

Microsoft Ties Storm 1175 To Medusa

October 8, 2025
XWorm 6.0 Returns With New Plugins

XWorm 6.0 Returns With New Plugins

October 7, 2025
XWorm 6.0 Returns With New Plugins

Rhadamanthys Stealer Evolves Again

October 7, 2025
XWorm 6.0 Returns With New Plugins

Steam And Microsoft Warn Of Unity Flaw

October 7, 2025

Latest Alerts

Microsoft Ties Storm 1175 To Medusa

Google Chrome RCE Flaw Details Leak

Redis Use After Free Bug Enables RCE

XWorm 6.0 Returns With New Plugins

Steam And Microsoft Warn Of Unity Flaw

Rhadamanthys Stealer Evolves Again

Subscribe to our newsletter

    Latest Incidents

    DraftKings Warns Of Account Breaches

    Doctors Imaging Data Breach Hits 171K

    Salesforce Refuses To Pay Ransom

    Red Hat Data Breach Escalates Further

    FC Barcelona Instagram Hacked By Scam

    Threat Actors Claim Huawei Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial