7 matches found
Security Bulletin: A security vulnerability in Node.js vm2 affects IBM Cloud Pak for Multicloud Management Managed Services [CVE-2021-23555] and [CVE-2021-23449]
Summary A security vulnerability in Node.js vm2 affects IBM Cloud Pak for Multicloud Management Managed Services CVE-2021-23555 and CVE-2021-23449 has been addressed in IBM Cloud Pak for Multicloud Management 2.3 Fix Pack 5. Vulnerability Details CVEID:CVE-2021-23555 DESCRIPTION: Node.js vm2 modu...
Security Bulletin: A security vulnerability in Node.js vm2 module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js vm2 module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-23449 DESCRIPTION: Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or...
2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4126 more potentially affected by CVE-2021-23449 via vm2 (>=1.0.1 <=3.9.3)
vm2 NPM version =1.0.1, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.2.46, =0.24.1-20230627140514 and more Source cves: CVE-2021-23449 Source advisory: OSV:GHSA-RJF2-J2R6-Q8GR...
CVE-2021-23449
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine...
CVE-2021-23449
The CVE-2021-23449 entry concerns the Node.js vm2 package (pre-3.9.4). A Prototype Pollution flaw allows an attacker to modify Object.prototype via proto /constructor payloads, which can lead to sandbox escape and execution of arbitrary code on the host. Impact is described as remote code executi...
CVE-2021-23449 Sandbox Bypass
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine...
2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4124 more potentially affected by CVE-2021-23449 via vm2 (>=3.0.0 <=3.9.3)
vm2 NPM version =3.0.0, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.2.46, =0.24.1-20230627140514 and more Source cves: CVE-2021-23449 Source advisory: SNYK:JS-VM2-1585918...