Critical Sandbox Escape Vulnerabilities Disclosed in vm2 Node.js Library

The Node.js sandboxing library vm2 has disclosed 12 critical vulnerabilities that allow attackers to escape the sandbox and execute arbitrary code on the host. Public proof-of-concept exploits are available.

**If you use vm2 to run untrusted code, update to version 3.11.2 ASAP. Given the repeated sandbox escapes in this library, consider moving high-risk script execution to more secure isolation layers like gVisor or lightweight virtual machines.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-sandbox-escape-in-vm2-library-allows-remote-code-execution-2-l-q-y-s/gD2P6Ple2L