A critical vulnerability in vm2 may allow a remote attacker to escape the sandbox and execute arbitrary code on the host.
A highly popular JavaScript sandbox library with more than 16 million monthly downloads, vm2 supports the execution of untrusted code synchronously in a single process.
This article has been indexed from SecurityWeek RSS Feed
Read the original article: