Inspect method manipulation in vm2
Description
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This vulnerability was patched in the release of version 3.9.18 of vm2. Users are advised to upgrade. Users unable to upgrade may make the inspect method readonly with vm.readonly(inspect) after creating a vm.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In vm2 versions 3.9.17 and lower, a sandboxed script can obtain a read-write reference to Node's inspect method and manipulate console.log options.
Vulnerability
Overview
The vm2 sandbox library for Node.js, in versions 3.9.17 and lower, contains a vulnerability that allows untrusted code running inside the sandbox to obtain a read-write reference to Node's built-in inspect method. This is made possible through a chain of proxy traps and interactions with Node's internal error handling, as demonstrated in a proof-of-concept [3]. The root cause lies in the complex proxy-based isolation mechanism, which can be circumvented by leveraging prototype manipulation and the Buffer.prototype.copy binding [3].
Exploitation
Requirements
An attacker must be able to execute arbitrary JavaScript code within a vm2 sandbox instance. No additional authentication or network position is required beyond the ability to run code in the sandbox. Exploitation does not require any special permissions or prior knowledge of the host environment, as the attack is carried out entirely through JavaScript features available within the sandbox [1][3]. The sandbox's own proxy interception is subverted by triggering internal Node.js operations that invoke util.inspect with a crafted proxy [3].
Impact
Successful exploitation grants the attacker the ability to modify the options object for console.log calls [2][4]. While this does not directly enable arbitrary code execution outside the sandbox, it can be used to interfere with logging behavior, potentially to hide malicious activity or to cause denial of service (e.g., by making console.log crash or produce infinite output). The vendor notes that this is a sandbox bypass that weakens the isolation guarantees provided by vm2 [1][4].
Mitigation and Status
A fix was released in vm2 version 3.9.18, and users are strongly advised to upgrade immediately [2][4]. For those who cannot upgrade, a workaround exists: after creating a VM, make the inspect method read-only by calling vm.readonly(inspect) [2][4]. Given the active development of bypasses for vm2, the project's maintainers recommend evaluating more robust isolation alternatives such as isolated-vm, worker threads, or container-level sandboxing [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| vm2 (npm) | < 3.9.18 | 3.9.18 |
Affected products
- Range: < 3.9.18
Patches
5206ba25afd8 Inspect method should be readonly
1 file changed · +5 −0
lib/vm.js+5 −0 modified@@ -44,6 +44,9 @@ const { const { VMScript } = require('./script'); +const { + inspect +} = require('util'); const objectDefineProperties = Object.defineProperties; @@ -365,6 +368,8 @@ class VM extends EventEmitter { _allowAsync: {__proto__: null, value: allowAsync} }); + this.readonly(inspect); + // prepare global sandbox if (sandbox) { this.setGlobals(sandbox);
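Review bot: the new `require('util')` destructuring in the first hunk spreads a single binding over three lines while the neighbouring `const { VMScript } = require('./script');` keeps the same form on one line; collapse it to `const { inspect } = require('util');` and move the Node core import ahead of the local `./script` require so core and local modules stay grouped.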
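Review bot: the second hunk adds `this.readonly(inspect);` to the VM constructor, but the change set touches only lib/vm.js, so nothing exercises the fix; add a regression test that runs a sandboxed script which tries to change an inspect option and asserts the host-side options are unchanged afterwards. A one-line comment above the call saying why `inspect` must be made read-only before `setGlobals` runs would also help, since its placement ahead of `// prepare global sandbox` is otherwise unexplained.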
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-p5gc-c584-jj6v (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2023-32313 (advisory)
- gist.github.com/arkark/c1c57eaf3e0a649af1a70c2b93b17550 (misc, web)
- github.com/patriksimek/vm2/commit/5206ba25afd86ef547a2c9d48d46ca7a9e6ec238 (misc, web)
- github.com/patriksimek/vm2/releases/tag/3.9.18 (misc, web)
- github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v (confirm, web)