Dossier
vm2
Coverage of vm2 in the Nexus archive.
- vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
A dozen critical security vulnerabilities have been found in the vm2 Node.js library, which could allow bad actors to escape the sandbox and execute arbitrary code on susceptible systems. The vm2 library is used to run untrusted JavaScript code inside a secure sandbox. This vulnerability puts systems using the library at risk of arbitrary code execution.
- Critical vm2 sandbox bug lets attackers execute code on hosts
A critical vulnerability in vm2 allows attackers to escape the sandbox and execute arbitrary code on host systems. This bug affects the popular Node.js sandboxing library. The vulnerability can be used to compromise host systems.