3.9.19
10 years ago
1 years ago
Package is deprecated
Known vulnerabilities in the vm2 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient checks which allow an attacker to escape the sandbox. Note: According to the maintainer, the security issue cannot be properly addressed and the library will be discontinued. How to fix Remote Code Execution (RCE)? There is no fixed version for | * |
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Remote Code Execution (RCE) such that the Note: According to the maintainer, the security issue cannot be properly addressed and the library will be discontinued. How to fix Remote Code Execution (RCE)? There is no fixed version for | * |
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Sandbox Bypass by abusing an unexpected creation of a host object based on the maliciously crafted specification of How to fix Sandbox Bypass? Upgrade | <3.9.18 |
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? Upgrade | <3.9.18 |
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions due to allowing attackers to raise an unsanitized host exception inside How to fix Improper Handling of Exceptional Conditions? Upgrade | <3.9.17 |
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Sandbox Escape. There exists a vulnerability in source code transformer (exception sanitization logic), allowing attackers to bypass How to fix Sandbox Escape? Upgrade | <3.9.16 |
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Sandbox Escape due to improper handling of host objects passed to How to fix Sandbox Escape? Upgrade | <3.9.15 |
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the How to fix Arbitrary Code Execution? Upgrade | <3.9.10 |
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Sandbox Bypass via indirect access to How to fix Sandbox Bypass? Upgrade | <3.9.11 |
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine. How to fix Sandbox Bypass? Upgrade | <3.9.6 |
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine. PoC
How to fix Sandbox Bypass? Upgrade | <3.9.4 |