A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system privileges. The flaw exploits improper sanitization of Promise callback functions, allowing remote code execution without authentication or user interaction. Vulnerability Overview The vm2 library, deployed across 273,000 projects on npm, […] The post Critical vm2 Flaw Lets Attackers Bypass Sandbox and Execute Arbitrary Code in Node.js appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/critical-vm2-flaw-arbitrary-code-in-node-js/
