Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 2:16 p.m.8 views

CVE-2026-47208 vm2: Sandbox Breakout Using Promise Species

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4...

10CVSS5.7AI score0.0051EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 5:40 p.m.11 views

GHSA-76W7-J9CQ-RX2J vm2 is Vulnerable to Sandbox Breakout Through Promise Species

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The localPromise constructor was changed to call this.thenundefined, eater to ensure a rejected promise i...

10CVSS6.5AI score0.0051EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/29 5:40 p.m.56 views

vm2 is Vulnerable to Sandbox Breakout Through Promise Species

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The localPromise constructor was changed to call this.thenundefined, eater to ensure a rejected promise i...

10CVSS6.5AI score0.0051EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/05 4:23 p.m.15 views

NPM: VM2 Has Sandbox Breakout Through Promise Species

NPM: VM2 Has Sandbox Breakout Through Promise Species vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.3...

9.8CVSS6AI score0.00896EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/05 4:23 p.m.9 views

GHSA-QVJJ-29QF-HP7P VM2 Has Sandbox Breakout Through Promise Species

Summary The fix for https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The fix for...

9.8CVSS6.5AI score0.00896EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/05 4:23 p.m.10 views

VM2 Has Sandbox Breakout Through Promise Species

Summary The fix for https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The fix for...

9.8CVSS6.5AI score0.00896EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/05/04 6:27 p.m.8 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the resetPromiseSpecies function. An attacker can execute arbitrary commands on the host system by escaping from the...

10CVSS7.8AI score0.02342EPSS
Exploits5References2
CVE
CVE
added 2026/05/04 4:31 p.m.21 views

CVE-2026-24120

Technical details about CVE-2026-24120 are not publicly available in the provided documents. The affected components, root cause, impact, and fixes are not specified here. Monitor for updates.

9.8CVSS7.7AI score0.00896EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/18 12:0 a.m.5 views

The vulnerability of the NPM packet manager’s vm2 library, related to improper code generation management, allows a attacker to escape from a isolated programming environment and execute arbitrary code.

The vulnerability of the NPM package manager’s vm2 library is related to improper code generation during the processing of Promise objects with the @@species parameter. Exploiting this vulnerability allows a remote attacker to escape from a isolated programming environment and execute arbitrary...

10CVSS8.4AI score0.02342EPSS
Exploits4References3Affected Software1
Rows per page
Query Builder