The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| vm2(npm) | 0 | 3.9.6 | N/A |
CVSS Metrics
