Budibase affected by VM2 Constructor Escape Vulnerability
Impact Previously, budibase used a library called vm2 for code execution inside the Budibase builder and apps, such as the UI below for configuring bindings in the design section. Due to a vulnerability in vm2, any environment that executed the code server side (automations and column formulas) was susceptible to this vulnerability, allowing users to escape the sandbox provided by vm2, and to expose server side variables such as process.env. …