Critical severity9.8NVD Advisory· Published Oct 18, 2021· Updated Jun 17, 2026
CVE-2021-23449
CVE-2021-23449
Description
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
vm2npm | < 3.9.4 | 3.9.4 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
8- github.com/patriksimek/vm2/commit/b4f6e2bd2c4a1ef52fc4483d8e35f28bc4481886nvdPatchThird Party AdvisoryWEB
- snyk.io/vuln/SNYK-JS-VM2-1585918nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-rjf2-j2r6-q8grghsaADVISORY
- github.com/patriksimek/vm2/issues/363nvdThird Party AdvisoryWEB
- github.com/patriksimek/vm2/releases/tag/3.9.4nvdRelease NotesThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-23449ghsaADVISORY
- security.netapp.com/advisory/ntap-20211029-0010/nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20211029-0010ghsaWEB
News mentions
0No linked articles in our index yet.