CVE-2021-23449

More information about this CVE will likely be available in a few days.

Description

This affects the package vm2 before 3.9.4. Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine.

Related CPE's

Could not find any relations

References

https://github.com/patriksimek/vm2/issues/363

https://snyk.io/vuln/SNYK-JS-VM2-1585918

https://github.com/patriksimek/vm2/releases/tag/3.9.4

https://github.com/patriksimek/vm2/commit/b4f6e2bd2c4a1ef52fc4483d8e35f28bc4481886

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io