CVE-2021-23449
Improperly Controlled Modification of Dynamically-Determined Object Attributes in npm/vm2
Identifiers
CVE-2021-23449
Package Slug
npm/vm2
Vulnerability
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Description
This affects the package vm2 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
Affected Versions
All versions before 3.9.4
Solution
Upgrade to version 3.9.4 or above.
Last Modified
2021-10-25
| source |