6 matches found
CVE-2022-25893 Arbitrary Code Execution
The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...
CVE-2022-25893
CVE-2022-25893 affects the vm2 Node.js module (pre-3.9.10) and is caused by a prototype pollution flaw in WeakMap.prototype.set, enabling an attacker to access host objects and potentially compromise the sandbox, leading to arbitrary code execution. Reported impact in the sources: remote code exe...
2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4006 more potentially affected by CVE-2022-25893 via vm2 (>=1.0.1 <=3.9.1)
vm2 NPM version =1.0.1, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.2.46, =0.23.0-alpha.1 and more Source cves: CVE-2022-25893 Source advisory: OSV:GHSA-4W2J-2RG4-5MJW...
CVE-2022-25893
The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...
CVE-2022-25893 Arbitrary Code Execution
The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...
2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4004 more potentially affected by CVE-2022-25893 via vm2 (>=3.0.0 <=3.9.1)
vm2 NPM version =3.0.0, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.2.46, =0.23.0-alpha.1 and more Source cves: CVE-2022-25893 Source advisory: SNYK:JS-VM2-2990237...