On 28 September GitHub published a security advisory for the Node.js library vm2, detailing a sandbox escape vulnerability assigned a severity rating of 10 as CVE-2022-36067. Called Sandbreak, the initial notification was received by developers of the package on 28 August, and was patched later that day as version 3.9.11. Vm2 is a Node.js package that enables the user to run untrusted code without risking compromise of the system running it. The vulnerability exploits a flaw in error handling to escape the sandbox and run shell commands on the system running vm2.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security