Vulnerabilities > VM2 Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-21 | CVE-2023-37903 | OS Command Injection vulnerability in VM2 Project VM2 vm2 is an open source vm/sandbox for Node.js. | 10.0 |
| 2023-07-14 | CVE-2023-37466 | Code Injection vulnerability in VM2 Project VM2 vm2 is an advanced vm/sandbox for Node.js. | 10.0 |
| 2023-05-15 | CVE-2023-32313 | Unspecified vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with Node's built-in modules. | 5.3 |
| 2023-05-15 | CVE-2023-32314 | Unspecified vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with Node's built-in modules. | 10.0 |
| 2023-04-17 | CVE-2023-30547 | Unspecified vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. | 10.0 |
| 2023-04-14 | CVE-2023-29199 | Improper Control of Dynamically-Managed Code Resources vulnerability in VM2 Project VM2 There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. | 10.0 |
| 2022-09-06 | CVE-2022-36067 | Improper Control of Dynamically-Managed Code Resources vulnerability in VM2 Project VM2 vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. | 10.0 |
| 2022-02-11 | CVE-2021-23555 | Unspecified vulnerability in VM2 Project VM2 The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine. | 10.0 |
| 2021-10-18 | CVE-2021-23449 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in VM2 Project VM2 This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine. | 7.5 |