patriksimek/vm2

Sandbox Escape in vm2@3.9.15

leesh3288 opened this issue · 3 comments

Hello, this is Xion (SeungHyun Lee) from KAIST Hacking Lab.

We have found a sandbox escape vulnerability in the vm2@3.9.15 (latest).
As this is a security issue we would like to contact the administrators via email, but could not find any point of contact.

Could the administrators share an email address to send the vulnerability report? @XmiliaH @patriksimek

Regards,
Xion.

Done, appreciate the fast response!

Thanks for the report.

Fixed in release 3.9.16 (see advisory GHSA-xj72-wvfv-8985)