Product
A vulnerability in vm2's NodeVM, when nesting is enabled, allows sandbox code to bypass require restrictions, enabling arbitrary OS command execution on the host.