all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Critical RCE Flaw Reported in Spotify's Backstage Software Catalog and Developer Platform

Add to bookmarks
Nov. 15, 2022, 5:01 p.m. | noreply@blogger.com (Ravie Lakshmanan)

The Hacker News thehackernews.com

Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module.
The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library (CVE-2022-36067 aka Sandbreak), that came to light last

backstage catalog critical developer flaw platform rce software spotify

Visit resource

More from thehackernews.com / The Hacker News

BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool 12 hours ago | thehackernews.com
actor asia attack backdoor +15
How Attackers Can Own a Business Without Touching the Endpoint 14 hours ago | thehackernews.com
apps attack attackers attack techniques +14
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers 15 hours ago | thehackernews.com
akira akira ransomware america businesses +19
Hackers Target Middle East Governments with Evasive "CR4T" Backdoor 19 hours ago | thehackernews.com
backdoor campaign cybersecurity cybersecurity company +15
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade 1 day, 11 hours ago | thehackernews.com
analysis called cisco cisco talos +22
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor 1 day, 12 hours ago | thehackernews.com
auto auto industry automotive automotive industry +17
Recover from Ransomware in 5 Minutes—We will Teach You How! 1 day, 14 hours ago | thehackernews.com
attack back can cdp +21
New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks 1 day, 15 hours ago | thehackernews.com
analysis android android trojan called +16
How to Conduct Advanced Static Analysis in a Malware Sandbox 1 day, 15 hours ago | thehackernews.com
advanced analysis can dynamic +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Intermediate Security Engineer, (Incident Response, Trust & Safety)

@ GitLab | Remote, US
View on infosec-jobs.com

Journeyman Cybersecurity Triage Analyst

@ Peraton | Linthicum, MD, United States
View on infosec-jobs.com

Project Manager II - Compliance

@ Critical Path Institute | Tucson, AZ, USA
View on infosec-jobs.com

Junior System Engineer (m/w/d) Cyber Security 1

@ Deutsche Telekom | Leipzig, Deutschland
View on infosec-jobs.com
View more jobs