2 matches found
ROOT-APP-NPM-CVE-2026-26332 CVE-2026-26332 in @rootio/vm2 - Patched by Root
Root has patched CVE-2026-26332 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
Arbitrary Code Injection
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection via the SuppressedError. An attacker can execute arbitrary code outside the intended sandbox environment by...