On 28 September GitHub published a security advisory for the Node.js library vm2, detailing a sandbox escape vulnerability assigned a severity rating of 10 as CVE-2022-36067. Called Sandbreak, the initial notification was received by developers of the package on 28 August, and was patched later that day as version 3.9.11. Vm2 is a Node.js package that enables the user to run untrusted code without risking compromise of the system running it. The vulnerability exploits a flaw in error handling to escape the sandbox and run shell commands on the system running vm2.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in