A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. [...]
Critical vm2 sandbox bug lets attackers execute code on hosts
Summary + source link. No paywalls, no tracking.