Bleeping Computer

Critical VM2 flaw lets attackers run code outside the sandbox

Researchers are warning of a critical remote code execution flaw in 'vm2', a JavaScript sandbox library downloaded over 16 million times per month via the NPM package repository. The vm2 vulnerability ...