Product
A sandbox breakout vulnerability exists in vm2 that allows attackers to execute arbitrary commands on the host system by exploiting a null proto exception in `handleException` to obtain proxied and unproxied objects, leading to the retrieval of the host `Function` object and subsequent remote code execution.