You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.
Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions due to allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
Detailed paths
Overview
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.
Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions due to allowing attackers to raise an unsanitized host exception inside
handleException()
which can be used to escape the sandbox and run arbitrary code in host context.Remediation
Upgrade
vm2
to version 3.9.17 or higher.References
SNYK-JS-VM2-5426093
(CVE-2023-30547) vm2@3.9.11
The text was updated successfully, but these errors were encountered: