This repository has been archived by the owner on Jan 1, 2025. It is now read-only.
Sandbox Escape in [email protected] #516
Comments
|
Done, appreciate the fast response! |
|
Thanks for the report. |
|
Fixed in release 3.9.16 (see advisory GHSA-xj72-wvfv-8985) |
kirk-sayre-work
added a commit
to kirk-sayre-work/box-js
that referenced
this issue
Apr 12, 2023
4 tasks
lucasmarshall
pushed a commit
to supaglue-labs/supaglue
that referenced
this issue
May 16, 2023
Fixes: 9.8 CVSS Critical vulnerability Bump vm2 version in package.json Please see: https://security.snyk.io/vuln/SNYK-JS-VM2-5422057 patriksimek/vm2#516 GHSA-xj72-wvfv-8985 https://github.com/patriksimek/vm2/releases/tag/3.9.16
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hello, this is Xion (SeungHyun Lee) from KAIST Hacking Lab.
We have found a sandbox escape vulnerability in the [email protected] (latest).
As this is a security issue we would like to contact the administrators via email, but could not find any point of contact.
Could the administrators share an email address to send the vulnerability report? @XmiliaH @patriksimek
Regards,
Xion.
The text was updated successfully, but these errors were encountered: