
12 matches found

OSV
added 2026/06/12 1:27 p.m., 6 views

ROOT-APP-NPM-CVE-2026-47137 CVE-2026-47137 in @rootio/vm2 - Patched by Root

Root has patched CVE-2026-47137 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

CVSS 10, AI score 5.5, EPSS 0.00382
Exploits 0
OSV
added 2026/06/12 1:27 p.m., 6 views

ROOT-APP-NPM-CVE-2026-47208 CVE-2026-47208 in @rootio/vm2 - Patched by Root

Root has patched CVE-2026-47208 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

CVSS 10, AI score 5.4, EPSS 0.0051
Exploits 0
OSV
added 2026/06/04 9:4 p.m., 6 views

ROOT-APP-NPM-CVE-2023-32314 CVE-2023-32314 in @rootio/vm2 - Patched by Root

Root has patched CVE-2023-32314 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

CVSS 10, AI score 5.4, EPSS 0.05642
Exploits 1
Patchstack
added 2026/05/08 4:22 p.m., 20 views

NPM: vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`

NPM: vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL` vulnerability discovered by ? in WordPress Npm vm2 versions 3.11.2...

AI score 5.8
Exploits 0, References 3, Affected Software 1
vulnersOsv
added 2026/05/07 4:10 a.m., 7 views

org.webjars.npm:degenerator (=4.0.4), org.webjars.npm:pac-resolver (=6.0.2) +1 more potentially affected by CVE-2026-44001 via org.webjars.npm:vm2 (=3.9.19)

org.webjars.npm:vm2 MAVEN version =3.9.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vm2 and may be impacted: - org.webjars.npm:degenerator =4.0.4 - org.webjars.npm:pac-resolver =6.0.2 - org.webjars.npm:rocket.chatapps-engine =1.35...

CVSS 8.6, AI score 5.8, EPSS 0.00339
Exploits 1
BDU FSTEC
added 2023/04/11 12:0 a.m., 6 views

The vulnerability of the Error.prepareStackTrace object in the vm2 package manager NPM allows an attacker to exit from an isolated programming environment and execute arbitrary code.

The vulnerability of the Error.prepareStackTrace object in the vm2 package manager’s library is related to incorrect handling of objects in memory. Exploiting this vulnerability can allow a remote attacker to exit from an isolated programming environment and execute arbitrary code...

CVSS 10, AI score 8.2, EPSS 0.63186
Exploits 1, References 3, Affected Software 2
Github Security Blog
added 2022/12/21 6:30 a.m., 55 views

vm2 vulnerable to Arbitrary Code Execution

The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...

CVSS 9.8, AI score 2.9, EPSS 0.01425
Exploits 1, References 6, Affected Software 1
Prion
added 2022/07/13 9:15 a.m., 19 views

Code injection

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...

CVSS 7.5, AI score 8.4, EPSS 0.00974
Exploits 1, References 3, Affected Software 1
NVD
added 2022/02/11 8:15 p.m., 20 views

CVE-2021-23555

The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine...

CVSS 10, EPSS 0.02695
Exploits 1, References 2
Prion
added 2022/02/11 8:15 p.m., 24 views

Improper access control

The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine...

CVSS 10, AI score 9.6, EPSS 0.02695
Exploits 1, References 2, Affected Software 1
Cvelist
added 2022/02/11 8:0 p.m., 31 views

CVE-2021-23555 Sandbox Bypass

The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine...

CVSS 9.8, AI score 9.9, EPSS 0.02695
Exploits 1, References 2
NVD
added 2021/10/18 5:15 p.m., 20 views

CVE-2021-23449

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine...

CVSS 10, EPSS 0.03476
Exploits 1, References 5