Product
critical
advisory
VM2 Sandbox Escape via Promise Species Manipulation
2 rules 2 TTPs 1 CVEA vulnerability in vm2 versions 3.10.3 and earlier allows attackers to bypass a previous sandbox escape fix by manipulating Promise species, leading to arbitrary code execution on the host system.
vm2
sandbox-escape
rce
javascript
2r
2t
1c
critical
advisory
VM2 Sandbox Breakout via Inspect Function Allows Remote Code Execution
2 rules 1 TTP 1 CVEA sandbox breakout vulnerability exists in VM2 through the `inspect` function, allowing attackers to escape the sandbox and execute arbitrary commands on the host system.
vm2
sandbox-escape
rce
2r
1t
1c