  • Exploit in VM2 library allows a hacker to bypass JavaScript sandbox protections

    A security researcher has released a proof-of-concept (PoC) sandbox escape exploit that allows malicious code to be executed on a host running a VM2 sandbox.

    VM2 is a specialized JavaScript sandbox used to run and test untrusted code in an isolated environment that prevents the code from accessing host system resources or external data.

    Over the past two weeks, several critical sandbox escape vulnerabilities have been discovered in VM2 that allowed attackers to run malicious code outside the sandbox restrictions.

    One of them, CVE-2023-30547 (CVSS: 9.8), is an exception sanitization vulnerability that allows an attacker to raise an unsanitized host exception inside the "handleException()" function.

    Because VM2 is downloaded almost 4 million times a week and integrated into more than 700 packages, the vulnerability could affect a huge number of developers and applications. The bug allows an attacker to bypass sandbox restrictions and execute arbitrary code in the context of the host, allowing for destructive attacks, including DoS attacks.

    The vulnerability was discovered by security analyst Seung Hyun Lee of the Korea Advanced Institute of Science and Technology (KAIST). Lee found that the flaw affects all versions of the library up to and including 3.9.16.

    The researcher also published a PoC exploit to demonstrate the feasibility of an attack that creates a file named "pwned" on the host.

    All users, package maintainers, and software developers whose projects include the VM2 library are advised to upgrade to version 3.9.17, which fixes the vulnerability, as soon as possible.

    Unfortunately, supply chain complexities affecting most open source projects may delay the VM2 update for affected tools. Because the PoC is publicly available, many users may remain at risk for a long time.

    Author DeepWeb