Vulnerabilities > VM2 Project

DATE CVE VULNERABILITY TITLE RISK
2023-07-21 CVE-2023-37903 OS Command Injection vulnerability in VM2 Project VM2
vm2 is an open source vm/sandbox for Node.js.
network
low complexity
vm2-project CWE-78
critical
10.0
2023-07-14 CVE-2023-37466 Code Injection vulnerability in VM2 Project VM2
vm2 is an advanced vm/sandbox for Node.js.
network
low complexity
vm2-project CWE-94
critical
10.0
2023-05-15 CVE-2023-32313 Unspecified vulnerability in VM2 Project VM2
vm2 is a sandbox that can run untrusted code with Node's built-in modules.
network
low complexity
vm2-project
5.3
2023-05-15 CVE-2023-32314 Unspecified vulnerability in VM2 Project VM2
vm2 is a sandbox that can run untrusted code with Node's built-in modules.
network
low complexity
vm2-project
critical
10.0
2023-04-17 CVE-2023-30547 Unspecified vulnerability in VM2 Project VM2
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.
network
low complexity
vm2-project
critical
10.0
2023-04-14 CVE-2023-29199 Improper Control of Dynamically-Managed Code Resources vulnerability in VM2 Project VM2
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context.
network
low complexity
vm2-project CWE-913
critical
10.0
2022-09-06 CVE-2022-36067 Improper Control of Dynamically-Managed Code Resources vulnerability in VM2 Project VM2
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.
network
low complexity
vm2-project CWE-913
critical
10.0
2022-02-11 CVE-2021-23555 Unspecified vulnerability in VM2 Project VM2
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.
network
low complexity
vm2-project
critical
10.0
2021-10-18 CVE-2021-23449 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in VM2 Project VM2
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
network
low complexity
vm2-project CWE-915
7.5