Sandbox Escape in vm2@3.9.15 #516
Comments
|
Done, appreciate the fast response! |
|
Thanks for the report. |
|
Fixed in release 3.9.16 (see advisory GHSA-xj72-wvfv-8985) |
kirk-sayre-work
added a commit
to kirk-sayre-work/box-js
that referenced
this issue
Apr 12, 2023
4 tasks
lucasmarshall
pushed a commit
to supaglue-labs/supaglue
that referenced
this issue
May 16, 2023
Fixes: 9.8 CVSS Critical vulnerability Bump vm2 version in package.json Please see: https://security.snyk.io/vuln/SNYK-JS-VM2-5422057 patriksimek/vm2#516 GHSA-xj72-wvfv-8985 https://github.com/patriksimek/vm2/releases/tag/3.9.16
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, this is Xion (SeungHyun Lee) from KAIST Hacking Lab.
We have found a sandbox escape vulnerability in the vm2@3.9.15 (latest).
As this is a security issue we would like to contact the administrators via email, but could not find any point of contact.
Could the administrators share an email address to send the vulnerability report? @XmiliaH @patriksimek
Regards,
Xion.
The text was updated successfully, but these errors were encountered: