Rewterz Threat Alert – KONNI APT Group – Active IOCs
October 4, 2022Rewterz Threat Advisory – Multiple GitLab Vulnerabilities
October 4, 2022Rewterz Threat Alert – KONNI APT Group – Active IOCs
October 4, 2022Rewterz Threat Advisory – Multiple GitLab Vulnerabilities
October 4, 2022Severity
High
Analysis Summary
CVE-2022-39266
Node.js isolated-vm module could allow a remote attacker to execute arbitrary code on the system, caused by vulnerable CachedDataOptions in API. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass sandbox restrictions and run arbitrary code on the affected system.
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2022-39266
Affected Vendors
- Node.js
Affected Products
Node.js isolated-vm 4.3.6
Remediation
Refer to Node.js Security Advisory for patch, upgrade or suggested workaround information.