Sandbox Bypass
Description
This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code running the script allowing it to spawn a child_process and execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In vm2 before 3.6.11, an infinite recursion triggers a host RangeError, allowing sandbox escape to execute arbitrary code via mainModule access.
Root Cause
The vm2 sandbox before version 3.6.11 fails to properly handle exceptions that occur in the host environment. When untrusted code causes an infinite recursion, the JavaScript engine throws a RangeError from the host rather than the sandboxed context. This bypasses the proxy-based isolation mechanism, allowing the attacker to access the host's mainModule property [1][2].
Exploitation
An attacker can exploit this by supplying code that enters an infinite recursive call, hitting the stack call limit. The resulting RangeError object, which originates from the host, can be used to traverse to the mainModule of the host process. From there, the attacker can require modules and spawn a child process, escaping the sandbox entirely [2].
Impact
Successful exploitation allows arbitrary code execution on the host system with the privileges of the Node.js process. This represents a full sandbox escape, compromising confidentiality, integrity, and availability of the host environment [2].
Mitigation
The vulnerability was fixed in vm2 3.6.11 by wrapping the value conversion functions in a try-catch block to ensure exceptions from the host are properly isolated [4]. Users should update to the latest version. The vm2 maintainers also recommend adopting stronger isolation mechanisms such as separate processes or containers for running untrusted code [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| vm2 (npm) | < 3.6.11 | 3.6.11 |
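An added example, not part of the advisory or of vm2: a dependency-free Node.js check that walks a parsed package-lock.json (both the flat `packages` layout and the older nested `dependencies` layout) and reports every vm2 install below 3.6.11, the patched version in the table above. The sample lockfile and the names `demo-app` and `some-runner` are constructed for illustration.

```javascript
// Added example: report vm2 installs below 3.6.11 in a parsed package-lock.json.
const PATCHED = [3, 6, 11]; // first fixed version, from the table above

function isAffected(version) {
  // Drop build metadata, then separate a prerelease tag from major.minor.patch.
  const [coreStr, pre] = String(version).split('+')[0].split('-', 2);
  const core = coreStr.split('.').map(Number);
  // Missing or unparseable versions are flagged so a human looks at them.
  if (core.length !== 3 || core.some(Number.isNaN)) return true;
  for (let i = 0; i < 3; i++) {
    if (core[i] !== PATCHED[i]) return core[i] < PATCHED[i];
  }
  return pre !== undefined; // a 3.6.11 prerelease sorts before 3.6.11
}

function findAffectedVm2(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/vm2$/.test(path) && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages"
  // exists, because version 2 lockfiles carry both views of the same tree).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'vm2' && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile; "demo-app" and "some-runner" are hypothetical.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.9.19' },
    'node_modules/some-runner/node_modules/vm2': { version: '3.6.10' },
  },
};
console.log(findAffectedVm2(sampleLock));
```

Transitive copies are the ones most often missed, which is why the check matches every `node_modules/vm2` path rather than only the top-level entry.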
Affected products
2- Range: unspecified
Patches
4b22d704e479 Fixes sandbox escape (#197)
1 file changed · +16 −16
lib/contextify.js+16 −16 modified@@ -327,15 +327,15 @@ Decontextify.object = (object, traps, deepTraps, flags, mock) => { return proxy; }; Decontextify.value = (value, traps, deepTraps, flags, mock) => { - if (Contextified.has(value)) { - // Contextified object has returned back from vm - return Contextified.get(value); - } else if (Decontextify.proxies.has(value)) { - // Decontextified proxy already exists, reuse - return Decontextify.proxies.get(value); - } - try { + if (Contextified.has(value)) { + // Contextified object has returned back from vm + return Contextified.get(value); + } else if (Decontextify.proxies.has(value)) { + // Decontextified proxy already exists, reuse + return Decontextify.proxies.get(value); + } + switch (typeof value) { case 'object': if (value === null) { @@ -621,15 +621,15 @@ Contextify.object = (object, traps, deepTraps, flags, mock) => { return proxy; }; Contextify.value = (value, traps, deepTraps, flags, mock) => { - if (Decontextified.has(value)) { - // Decontextified object has returned back to vm - return Decontextified.get(value); - } else if (Contextify.proxies.has(value)) { - // Contextified proxy already exists, reuse - return Contextify.proxies.get(value); - } - try { + if (Decontextified.has(value)) { + // Decontextified object has returned back to vm + return Decontextified.get(value); + } else if (Contextify.proxies.has(value)) { + // Contextified proxy already exists, reuse + return Contextify.proxies.get(value); + } + switch (typeof value) { case 'object': if (value === null) {
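Review bot: The catch that now guards the cache lookups in Decontextify.value (first hunk, around line 327) is outside the visible context, so this hunk alone does not show what happens to an exception raised by `Contextified.has(value)` or `Decontextify.proxies.get(value)`. Please confirm the handler makes no further calls that could throw again when the stack is already exhausted, and that whatever it returns or rethrows is created on the correct side of the boundary. The commit changes only lib/contextify.js; a regression test that drives this conversion at maximum recursion depth should accompany it.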
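Review bot: Nothing in Contextify.value (second hunk, around line 621) records why the `Decontextified.has(value)` and `Contextify.proxies.has(value)` early returns have to live inside the try, and the move is purely an indentation change that a later cleanup could undo. Add a one-line comment above `try {` stating that every operation in the function, including the cache lookups, must be covered by the handler. The block is also a mirror image of the one in Decontextify.value, so a shared helper would keep the two from diverging.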
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-wf5x-cr3r-xr77 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2019-10761 (advisory)
- gist.github.com/JLLeitschuh/609bb2efaff22ed84fe182cf574c023a (web)
- github.com/patriksimek/vm2/commit/4b22d704e4794af63a5a2d633385fd20948f6f90 (web)
- github.com/patriksimek/vm2/issues/197 (web)
- snyk.io/vuln/SNYK-JS-VM2-473188 (web)