Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sandbox Bypass
Vulnerability Description
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
vm2 安全漏洞
Vulnerability Description
Vm2是捷克Patrik Simek个人开发者的一个 Node.js 的高级虚拟机/沙盒。以使用列入白名单的 Node 内置模块运行不受信任的代码。 vm2存在安全漏洞,该漏洞源于在生成堆栈跟踪时,通过直接访问节点内部生成的主机错误对象,很容易受到沙盒绕过的攻击,这可能导致在主机上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A