CVE-2026-43997
vm2: Sandbox Escape
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be using HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom). This vulnerability is fixed in 3.11.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
patriksimek · vm2¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →