Lucene search
K

10 matches found

Snyk
Snyk
added 2026/05/07 4:29 a.m.24 views

Improper Isolation or Compartmentalization

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the globalPromise.prototype.then onFulfilled wrapper in the Promise bridge. An attacker can supply...

7.2CVSS6AI score0.002EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 4:29 a.m.10 views

Improper Isolation or Compartmentalization

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the globalPromise.prototype.then onFulfilled wrapper in the Promise bridge. An...

7.2CVSS5.6AI score0.002EPSS
Exploits1References2
NVD
NVD
added 2026/01/26 10:15 p.m.7 views

CVE-2026-22709

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...

10CVSS0.01222EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/26 9:32 p.m.3 views

CVE-2026-22709 vm2 has a Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...

9.8CVSS5.9AI score0.01222EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/26 9:32 p.m.3 views

CVE-2026-22709

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...

9.8CVSS5.9AI score0.01222EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/01/26 6:57 p.m.6 views

Improper Control of Dynamically-Managed Code Resources

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources due to the unsafe usage of the .call with globalPromise.prototype.then callback function. An...

10CVSS6.2AI score0.01222EPSS
Exploits1References3
OSV
OSV
added 2026/01/26 6:57 p.m.2 views

GHSA-99P7-6V5W-7XG8 vm2 has a Sandbox Escape

In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. js const VM = require"vm2"; const code = const error = new Error; error.name = Symbol; const f = async = error.stack...

9.8CVSS7.3AI score0.01222EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/01/26 6:57 p.m.7 views

vm2 has a Sandbox Escape

In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. js const VM = require"vm2"; const code = const error = new Error; error.name = Symbol; const f = async = error.stack...

10CVSS6AI score0.01222EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.5 views

PT-2026-4821

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.10.2 Description vm2 is a Node.js library used to create sandboxed environments for executing untrusted code. A flaw exists in versions prior to 3.10.2 where the sanitization of Promise.prototype.then and...

10CVSS9AI score0.01222EPSS
Exploits1References58
OSV
OSV
added 2024/08/14 12:0 p.m.4 views

RUSTSEC-2024-0444 Uncaught exception when transitioning the state of `AsyncGenerator` objects from within a property getter of `then`

A wrong assumption made when handling ECMAScript's AsyncGenerator operations can cause an uncaught exception on certain scripts. Details Boa's implementation of AsyncGenerator makes the assumption that the state of an AsyncGenerator object cannot change while resolving a promise created by method...

8.6CVSS7AI score0.00601EPSS
Exploits0References5
Rows per page
Query Builder