PT-2022-9410 · Vm2

Author: Abdullah Alhamdan
Published: 2022-02-11
Updated: 2022-02-22
CVE: CVE-2021-23555
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: vm2 versions prior to 3.9.6

Description: The issue allows a sandbox bypass via direct access to host error objects that Node.js internals generate while building stack traces. This can lead to execution of arbitrary code on the host machine.

Recommendations: For versions prior to 3.9.6, update to version 3.9.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the vm2 package until the patch is applied.

Links: Exploit · Fix

Tags: Prototype Pollution


Weakness Enumeration

Related Identifiers

CVE-2021-23555
GHSA-6PW2-5HJV-9PF7
SNYK-JS-VM2-2309905

Affected Products

Vm2