Laverdet

**Name of the Vulnerable Software and Affected Versions** isolated-vm versions 4.3.6 and prior **Description** The issue allows attackers to bypass the sandbox and run arbitrary code in the nodejs process if untrusted v8 cached data is passed to the API through `CachedDataOptions`. This can be exploited by passing malicious `cachedData` payloads. Version 4.3.7 updates the documentation to warn users against accepting `cachedData` payloads from untrusted sources. **Recommendations** For versions 4.3.6 and prior, as a temporary workaround, consider restricting the use of `CachedDataOptions` to prevent the acceptance of untrusted `cachedData` payloads until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.