The vm2 JavaScript library has released two new versions, 3.9.16 and 3.9.17, to address two critical vulnerabilities, CVE-2023-29199 and CVE-2023-30547, rated 9.8 out of 10 on the CVSS scoring system.
These flaws can be exploited to bypass sandbox protections and gain remote code execution rights on the host.
SeungHyun Lee discovered and reported the vulnerabilities and released proof-of-concept (PoC) exploits for them.
This comes after a similar vulnerability, CVE-2023-29017, was remediated last week.
Another critical remote code execution vulnerability, Sandbreak, was also discovered late last year (CVE-2022-36067, CVSS score: 9.8).
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply