The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vm2 | Vm2_project | * | 3.9.6 (excluding) |