Name of the Vulnerable Software and Affected Versions lighter-vm versions (affected versions not specified)

Description The issue allows for Sandbox Escape, leading to Remote Code Execution. It is caused by a failure to restrict access to the main context through this.constructor.constructor. This could enable attackers to execute arbitrary code in the system. For example, evaluating the payload this.constructor.constructor('return process.env')() can print the contents of process.env.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.