
Hongancalif

#13420 of 53,633
19.8 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2026-38396
10
2026-05-07
Npm · Vm2 · CVE-2026-44005
**Name of the Vulnerable Software and Affected Versions**
vm2 versions 3.9.6 through 3.10.5

**Description**
The bridge in vm2 exposes mutable proxies for host-realm intrinsic prototypes and forwards sandbox writes into the underlying host objects using `otherReflectSet()` and `otherReflectDefineProperty()`. This allows attacker-controlled JavaScript running in a default VM or an inherited NodeVM to mutate the shared host `Object.prototype`, `Array.prototype`, and `Function.prototype` from within the sandbox, leading to prototype pollution and sandbox escape. The issue occurs because `BaseHandler.apply()` invokes host functions that can surface a prototype getter, and `BaseHandler.get()` allows an attacker to reuse the host `__lookupGetter__('__proto__')` accessor to reach host prototypes. Subsequently, `BaseHandler.set()` and `BaseHandler.defineProperty()` write attacker-controlled data directly into the shared host objects.

**Recommendations**
Update to version 3.11.0.
PT-2026-30922
9.8
2026-04-07
Frappé Technologies · Frappe · CVE-2026-35614
**Name of the Vulnerable Software and Affected Versions**
Frappe versions prior to 16.14.0 and 15.104.0

**Description**
Frappe, a full-stack web application framework, contains a SQL injection issue in the `bulk update` function.

**Recommendations**
Update to version 16.14.0 or 15.104.0.