0.002 Low
EPSS
Percentile
53.4%
vm2 is vulnerable to remote code execution (RCE). The attack is possible due to the generation of RangeError when a Maximum call stack size is exceeded during the sandboxing of the evaluation of code used within the eval function.
RangeError
github.com/advisories/GHSA-wf5x-cr3r-xr77
github.com/patriksimek/vm2/commit/4b22d704e4794af63a5a2d633385fd20948f6f90
github.com/patriksimek/vm2/issues/197