You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Vulnerable Package issue exists @ Npm-vm2-3.9.11 in branch main
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to "Error.prepareStackTrace" in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.
Vulnerable Package issue exists @ Npm-vm2-3.9.11 in branch main
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to "Error.prepareStackTrace" in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.
Namespace: westonphillips
Repository: CheckmarxOnePOV
Repository Url: https://github.com/westonphillips/CheckmarxOnePOV
CxAST-Project: westonphillips/CheckmarxOnePOV
CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c
Branch: main
Application: CheckmarxOnePOV
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-913
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: HIGH
Availability impact: HIGH
Remediation Upgrade Recommendation: 3.9.16
References
Advisory
Issue
Commit
Release Note
The text was updated successfully, but these errors were encountered: