7 matches found
GHSA-HW58-P9XV-2MJH vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)
Summary A sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 v3.10.2 only sanitized the onRejected callback in .then and...
vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)
Summary A sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 v3.10.2 only sanitized the onRejected callback in .then and...
CVE-2026-22709
vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...
CVE-2026-22709
CVE-2026-22709 affects the vm2 Node.js sandbox module prior to 3.10.2. The vulnerability arises because Promise.prototype.then/catch sanitization is incomplete: the globalPromise path isn’t sanitized in lib/setup-sandbox.js, allowing an attacker to escape the sandbox and execute arbitrary code. U...
CVE-2026-22709 vm2 has a Sandbox Escape
vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...
CVE-2026-22709
creationtimestamp| type| source ---|---|--- 2026-01-26 19:10:38+00:00| seen| https://gist.github.com/alon710/1a9dd02522093ff2ceb805cf35c0f14f 2026-01-26 22:34:23+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdechvpf7f2g 2026-01-27 01:25:49+00:00| seen|...
org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-22709 via org.webjars.npm:vm2 (=3.9.19)
org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...