Bleeping Computer

Exploit available for critical bug in VM2 JavaScript sandbox library

Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely ...
Dark Reading

Critical Open Source vm2 Sandbox Escape Bug Affects Millions

A remote code execution (RCE) vulnerability in a widely used JavaScript sandbox has earned a top rating of 10 on the CVSS vulnerability risk scale; it allows threat actors to execute a sandbox escape ...