Description
Prototype Pollution in vm2
This affects the package vm2 before 3.9.4. A Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-23449
- https://github.com/patriksimek/vm2/issues/363
- https://github.com/patriksimek/vm2/commit/b4f6e2bd2c4a1ef52fc4483d8e35f28bc4481886
- https://github.com/patriksimek/vm2/releases/tag/3.9.4
- https://security.netapp.com/advisory/ntap-20211029-0010
- https://snyk.io/vuln/SNYK-JS-VM2-1585918
Packages
- Name: vm2 (npm)
- Affected versions: < 3.9.4
- Fixed version: 3.9.4
Related vulnerabilities
CVSS3: 9.8
nvd
more than 4 years ago
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.