2 matches found
CVE-2026-44003
vm2 (Node.js sandbox) prior to version 3.11.0 includes a transformer fast-path that bypasses AST analysis when code does not contain catch, import, or async, allowing sandboxed code to access internal state VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL and its security helpers (handleExcepti...
CVE-2026-44003
creationtimestamp| type| source ---|---|--- 2026-05-01 20:44:52+00:00| published-proof-of-concept| https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7...