Lucene search
+L

11 matches found

Cvelist
Cvelist
added 2026/06/12 2:15 p.m.29 views

CVE-2026-47137 vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is...

10CVSS0.00382EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 2:15 p.m.3 views

CVE-2026-47137 vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is...

10CVSS5.9AI score0.00382EPSS
Exploits0References7
CVE
CVE
added 2026/06/12 2:15 p.m.28 views

CVE-2026-47137

Summary (CVE-2026-47137): The vm2 sandbox (NodeVM) had a bypass in versions prior to 3.11.4 where nesting: true with an unspecified require allowed full host RCE. The issue arose because a security check (options.nesting === true && options.require === false) only catches explicit require: false;...

10CVSS5.1AI score0.00382EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/29 5:50 p.m.19 views

vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE

Summary The fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is trivially bypassed by omitting the require option entirely. When...

10CVSS6.3AI score0.0279EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/05/29 5:50 p.m.30 views

GHSA-M4WX-M65X-GHRR vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE

Summary The fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is trivially bypassed by omitting the require option entirely. When...

10CVSS6.1AI score0.00382EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/13 5:33 p.m.73 views

CVE-2026-44007 vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require'vm2' regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM wi...

9.1CVSS0.009EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/13 5:33 p.m.9 views

CVE-2026-44007 vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require'vm2' regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM wi...

9.1CVSS6.2AI score0.009EPSS
Exploits1References1
CVE
CVE
added 2026/05/13 5:33 p.m.37 views

CVE-2026-44007

vm2 contains a vulnerability where creating a NodeVM with nesting: true allows sandbox code to bypass outer VM restrictions (e.g., require: false) and construct an inner NodeVM with unrestricted require settings to execute host commands. Affected: vm2 versions up to 3.11.0 (and prior to 3.11.1). ...

9.9CVSS6.2AI score0.009EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/13 5:33 p.m.4 views

CVE-2026-44007 vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require'vm2' regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM wi...

9.1CVSS7.5AI score0.009EPSS
Exploits1References7
OSV
OSV
added 2026/05/07 5:13 a.m.74 views

GHSA-8HG8-63C5-GWMX vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution

Summary When a NodeVM is created with nesting: true, sandbox code can unconditionally require'vm2' regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes...

9.1CVSS6.5AI score0.009EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/07 5:13 a.m.23 views

vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution

Summary When a NodeVM is created with nesting: true, sandbox code can unconditionally require'vm2' regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes...

9.9CVSS6.5AI score0.009EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder