3 matches found
Information Exposure
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Information Exposure via the sandbox CallSite handling. An attacker can leak absolute host filesystem paths by causing error.stack or...
org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-44002 via org.webjars.npm:vm2 (=3.9.19)
org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...
CVE-2026-44002
creationtimestamp| type| source ---|---|--- 2026-05-01 20:44:37+00:00| published-proof-of-concept| https://github.com/patriksimek/vm2/security/advisories/GHSA-v27g-jcqj-v8rw...