FortiDevSec
dmaciejak
Staff
Article Id 256850
Description

This article describes how FortiDevSec detects the VM2 Spring Cloud Function vulnerabilities.


Multiple vulnerabilities, including CVE-2022-36067, CVE-2023-29017, CVE-2023-29199 and CVE-2023-30547, have been reported in VM2.

VM2 is a sandbox solution for running untrusted code with a whitelist of Node's built-in modules. By exploiting these flaws, threat actors can bypass the sandbox protections and gain remote code execution on the host running the sandbox.
Scope

FortiDevSec SCA scanner updated in version 23.2.a.
Solution

Detection of these vulnerabilities is provided by the FortiDevSec Software Composition Analysis (SCA) scanner.


By identifying the open-source software dependencies in the application codebase, this technology lets FortiDevSec assess with a high level of confidence whether the application is affected by a specific vulnerability.
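As an added example that is not part of the original article and not FortiDevSec code, the following script shows the kind of dependency identification an SCA scanner performs on a Node project: it walks a package-lock.json, finds every installed copy of vm2 (including copies nested under other packages), and compares each version against an advisory table. The lockfile is constructed for this example, and the `fixedIn` thresholds in `VM2_ADVISORIES` are assumed values for illustration; take the authoritative fixed versions from the vendor advisory before relying on them.

```javascript
// Added example (not FortiDevSec code): a minimal SCA-style dependency check
// for vm2 in an npm lockfile. Advisory thresholds and the lockfile are
// constructed for illustration.

// ASSUMED thresholds for the CVEs named in the article; confirm against the
// vendor advisory. Each entry means "versions below fixedIn are affected".
const VM2_ADVISORIES = [
  { id: "CVE-2022-36067", fixedIn: "3.9.11" },
  { id: "CVE-2023-29017", fixedIn: "3.9.15" },
  { id: "CVE-2023-29199", fixedIn: "3.9.16" },
  { id: "CVE-2023-30547", fixedIn: "3.9.17" },
];

// Constructed sample lockfile (lockfileVersion 3 layout): one direct vm2 at
// 3.9.10 and one nested copy at 3.9.17 pulled in by a plugin.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0", dependencies: { vm2: "^3.9.10" } },
    "node_modules/vm2": { version: "3.9.10" },
    "node_modules/some-plugin": { version: "2.0.0" },
    "node_modules/some-plugin/node_modules/vm2": { version: "3.9.17" },
  },
};

// Parse "major.minor.patch" (tolerating a leading "v", "^" or "~" and
// ignoring any pre-release suffix, which is treated as the release itself).
function parseVersion(v) {
  const core = String(v).replace(/^[v^~=]+/, "").split("-")[0];
  return core.split(".").map((n) => parseInt(n, 10) || 0);
}

// Numeric comparison of two versions: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Collect every installed copy of `name` with its install path and version.
// Handles the flat "packages" map (lockfileVersion 2/3) and the nested
// "dependencies" tree (lockfileVersion 1).
function findPackageVersions(lock, name) {
  const found = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        found.push({ path, version: entry.version });
      }
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [depName, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${depName}`;
      if (depName === name) found.push({ path, version: entry.version });
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return found;
}

// Match each installed copy against the advisory table; one finding per
// (copy, advisory) pair whose version is below the fixed version.
function scanLockfile(lock, advisories, name = "vm2") {
  const findings = [];
  for (const dep of findPackageVersions(lock, name)) {
    for (const adv of advisories) {
      if (compareVersions(dep.version, adv.fixedIn) < 0) {
        findings.push({ ...dep, id: adv.id, fixedIn: adv.fixedIn });
      }
    }
  }
  return findings;
}

if (typeof require !== "undefined" && require.main === module) {
  for (const f of scanLockfile(SAMPLE_LOCK, VM2_ADVISORIES)) {
    console.log(`${f.id}: ${f.path} is ${f.version}, fixed in ${f.fixedIn}`);
  }
}
```

On the constructed lockfile, the direct `node_modules/vm2` at 3.9.10 is reported against all four advisories, while the nested copy at 3.9.17 produces no finding. Reporting the install path matters in practice: a nested copy is easy to miss when only the top-level `package.json` is inspected, which is why SCA tools work from the resolved lockfile rather than declared ranges.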


The SCA scanner is enabled by default. Once the scan is performed on an application, the result appears under the Software Composition Analysis tab.


A step-by-step guide on how to scan your application is available in the user guide.


For more details regarding mitigating the vulnerability by utilizing Fortinet products, refer to https://www.fortiguard.com/outbreak-alert/vm2-sandbox-escape.
