GHSA-22RR-F3P8-5GF8 Directus affected by VM2 sandbox escape vulnerability
Impact In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code. Within Directus this applies to the "Run Script" operation in flows being able to escape the sandbox running code in the main nodejs context...