Critical severityNVD Advisory· Published Feb 11, 2022· Updated Sep 16, 2024
Sandbox Bypass
CVE-2021-23555
Description
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
vm2npm | < 3.9.6 | 3.9.6 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-6pw2-5hjv-9pf7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23555ghsaADVISORY
- github.com/patriksimek/vm2/commit/532120d5cdec7da8225fc6242e154ebabc63fe4dghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-VM2-2309905ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.