Lucene search
K

5 matches found

Snyk
Snyk
added 2026/05/07 4:32 a.m.13 views

Improper Isolation or Compartmentalization

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the transformer fast-path in the source instrumentation logic. An attacker can expose the internal...

6.9CVSS5.9AI score0.00248EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 4:0 a.m.21 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the lib/bridge.js value-conversion paths. An attacker can extract the host Symbol.for'nodejs.util.inspect.custom' or...

10CVSS6.5AI score0.00976EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 6:27 p.m.10 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the inspect function. An attacker can execute arbitrary commands on the host system by escaping the sandbox...

9.8CVSS6.3AI score0.01155EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 6:27 p.m.10 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection via the SuppressedError. An attacker can execute arbitrary code outside the intended sandbox environment by leveraging this...

10CVSS6.4AI score0.0071EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 4:29 p.m.9 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the lookupGetter method and improper context isolation. An attacker can execute arbitrary commands on the host syste...

9.8CVSS6.3AI score0.00917EPSS
Exploits1References2
Rows per page
Query Builder