Critical vm2 flaws let attackers escape Node.js sandboxes and run host commands
VPN Central [Unofficial]
May 8, 2026
Multiple critical vulnerabilities in the vm2 Node.js sandbox library can let attackers break out of the sandbox and execute commands on the host system. The flaws affect applications that use vm2 to run untrusted JavaScript, including code runners, plugin systems, workflow tools, testing platforms, and internal automation services. The newest safe upgrade target is vm2 […]
The post Critical vm2 flaws let attackers escape Node.js sandboxes and run host commands appeared first on VPN Central.