Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.12 views

CVE-2026-44000

A flaw was found in vm2 before 3.11.0. Host-side Promises that resolve to host objects deliver values to sandbox .then callbacks without cross-realm conversion ensureThis instead of from/proxy wrapping, allowing sandbox code to interact with host objects directly. Fixed in 3.11.0...

7.2CVSS5.8AI score0.002EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/13 5:23 p.m.7 views

CVE-2026-44000 vm2: sandbox boundary bypass via host Promise resolution preserving host object identity

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the...

6.5CVSS5.5AI score0.002EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 5:23 p.m.44 views

CVE-2026-44000 vm2: sandbox boundary bypass via host Promise resolution preserving host object identity

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the...

6.5CVSS0.002EPSS
Exploits1References1
OSV
OSV
added 2026/05/07 4:29 a.m.6 views

GHSA-MPF8-4HX2-7CJG vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary

Summary A sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox .then callback preserves host identity. This...

6.5CVSS5.5AI score0.002EPSS
Exploits1References4
Rows per page
Query Builder