Prototype Pollution in vm2

GHSA-rjf2-j2r6-q8gr · CVE-2021-23449

Published Oct 19, 2021 · Modified Mar 13, 2026

Description

This affects the package vm2 before 3.9.4. Prototype Pollution attack vector can lead to sandbox escape and execution of arbitrary code on the host machine.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-23449
WEB https://github.com/patriksimek/vm2/issues/363
WEB https://github.com/patriksimek/vm2/commit/b4f6e2bd2c4a1ef52fc4483d8e35f28bc4481886
PACKAGE https://github.com/patriksimek/vm2
WEB https://github.com/patriksimek/vm2/releases/tag/3.9.4
WEB https://security.netapp.com/advisory/ntap-20211029-0010
WEB https://snyk.io/vuln/SNYK-JS-VM2-1585918

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes