vm2 · CVE-2022-25893
**Name of the Vulnerable Software and Affected Versions**
vm2 versions prior to 3.9.10
**Description**
vm2 is affected by arbitrary code execution caused by the use of a prototype lookup for the `WeakMap.prototype.set` method. This allows access to a host object and can lead to a sandbox compromise.
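The bug class described above, as a simplified model added here for illustration; it is not vm2 source code or the project's fix. The function names (`registerViaLookup`, `registerHardened`, `leaksToTamperedPrototype`) and the stand-in object are assumptions. The check contrasts a call resolved through the prototype at call time with a call to an intrinsic captured at start-up.

```javascript
'use strict';
// Simplified model of the bug class; not vm2 source. All names are hypothetical.

// Captured once, before any untrusted code can run.
const weakMapSet = WeakMap.prototype.set;
const reflectApply = Reflect.apply;

// Weak form: `map.set` is resolved through WeakMap.prototype at call time,
// so whatever function sits on the prototype right now receives the arguments.
function registerViaLookup(map, key, value) {
  map.set(key, value);
}

// Hardened form: invokes the captured intrinsic directly and never consults
// the (possibly modified) prototype.
function registerHardened(map, key, value) {
  reflectApply(weakMapSet, map, [key, value]);
}

// Regression check: temporarily replace WeakMap.prototype.set with a recorder,
// as untrusted code sharing the realm could, and report whether `register`
// handed the privileged value to the replacement.
function leaksToTamperedPrototype(register) {
  const privileged = { label: 'constructed stand-in for a host object' };
  const key = {};
  const map = new WeakMap();
  const seen = [];
  const original = WeakMap.prototype.set;
  WeakMap.prototype.set = function (k, v) {
    seen.push(v);
    return reflectApply(original, this, [k, v]);
  };
  try {
    register(map, key, privileged);
  } finally {
    WeakMap.prototype.set = original; // always restore the intrinsic
  }
  return { leaked: seen.includes(privileged), stored: map.get(key) === privileged };
}

console.log('lookup  :', leaksToTamperedPrototype(registerViaLookup));
console.log('hardened:', leaksToTamperedPrototype(registerHardened));
```

Both forms store the value; only the lookup form passes it to the replaced method.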
**Recommendations**
Update to vm2 version 3.9.10 or later to resolve the issue. As a temporary workaround until the patch is applied, consider restricting the usage of the `WeakMap.prototype.set` method.