CVE-2021-23449
npm/vm2
Improperly Controlled Modification of Dynamically-Determined Object Attributes
This affects the package vm2 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
All versions before 3.9.4
Upgrade to version 3.9.4 or above.
2021-10-25
source |