vm2 is a sandbox that can run untrusted code with whitelisted Node.js built-in modules. In versions prior to 3.9.11, a threat actor can bypass the sandbox protections and gain remote code execution on the host running the sandbox. The vulnerability was patched in vm2 version 3.9.11. There are no known workarounds.
History

Sun, 08 Sep 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat acm
Redhat multicluster Engine
CPEs cpe:/a:redhat:acm:2.4::el8
cpe:/a:redhat:acm:2.5::el8
cpe:/a:redhat:acm:2.6::el8
cpe:/a:redhat:multicluster_engine:2.0::el8
cpe:/a:redhat:multicluster_engine:2.1::el8
Vendors & Products Redhat
Redhat acm
Redhat multicluster Engine

Mon, 19 Aug 2024 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.4::el8
cpe:/a:redhat:acm:2.5::el8
cpe:/a:redhat:acm:2.6::el8
cpe:/a:redhat:multicluster_engine:2.0::el8
cpe:/a:redhat:multicluster_engine:2.1::el8
Vendors & Products Redhat
Redhat acm
Redhat multicluster Engine

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-09-06T00:00:00

Updated: 2024-08-03T09:51:59.996Z

Reserved: 2022-07-15T00:00:00

Link: CVE-2022-36067

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2022-09-06T22:15:09.207

Modified: 2022-11-08T03:03:23.473

Link: CVE-2022-36067

Redhat

Severity: Critical

Public Date: 2022-09-07T00:00:00Z

Links: CVE-2022-36067 - Bugzilla