You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.
Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient checks which allow an attacker to escape the sandbox.
Note:
According to the maintainer, the security issue cannot be properly addressed and the library will be discontinued.
Detailed paths
Overview
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.
Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient checks which allow an attacker to escape the sandbox.
Note:
According to the maintainer, the security issue cannot be properly addressed and the library will be discontinued.
Remediation
There is no fixed version for
vm2
.References
SNYK-JS-VM2-5772823
vm2@3.9.11
The text was updated successfully, but these errors were encountered: