Описание
Sandbox bypass in vm2
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.
Пакеты
Наименование
vm2
npm
Затронутые версииВерсия исправления
< 3.9.6
3.9.6
Связанные уязвимости
CVSS3: 9.8
redhat
почти 4 года назад
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.
CVSS3: 9.8
nvd
почти 4 года назад
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.