サイバーヴィッシュ テクノロジーなどに関する最新の洞察とトレンド spotify
サイバーセキュリティ

Critical RCE Flaw Reported in Spotify’s Backstage Software Catalog and Developer Platform

Music Platform Spotify couldn’t stop from being a prey in the hands of cyberattack. Spotify’s Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library (CVE-2022-36067 aka Sandbreak), that came to light last month. “An unauthenticated threat actor can execute arbitrary system commands on a Backstage application by exploiting a vm2 sandbox escape in the Scaffolder core plugin,” application security firm Oxeye said in a report shared with […]

続きを読む