Proof-Of-Concept Exploit Code InVM2 JS Library Released

An exploit has been discovered for the critical high vulnerability in the VM2 JavaScript library. The abused vulnerability got the highest severity rate and is caused by the library improperly handling the host objects passed to the ‘Error.prepareStackTrace’ function when an asynchronous error occurs, which may lead to the remote code execution bypassing the protection. The issue is addressed in the newest VM2 version 3.9.15, while the older ones are at risk of exploitation. Read more...