InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
Dark Reading

Critical Open Source vm2 Sandbox Escape Bug Affects Millions

A remote code execution (RCE) vulnerability in a widely used JavaScript sandbox has earned a top rating of 10 on the CVSS vulnerability risk scale; it allows threat actors to execute a sandbox escape ...
Bleeping Computer

New sandbox escape PoC exploit available for VM2 library, patch now

A security researcher has released, yet another sandbox escape proof of concept (PoC) exploit that makes it possible to execute unsafe code on a host running the VM2 sandbox. VM2 is a specialized ...
Bleeping Computer

Latest Sandbox Escape news

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. Attackers have been exploiting a zero-day ...