The JavaScript sandbox vm2 for Node.js was actually discontinued. Now an update closes a critical security vulnerability.

热门Node.js库vm2被曝出严重沙箱逃逸漏洞CVE-2026-22709，CVSS评分9.8分。该漏洞源于Promise处理程序的不当清理，攻击者可利用此漏洞逃脱沙箱并在底层操作系统执行任意代码。漏洞已在3.10.2版本中修复，但这是该库近年来遭遇的一系列沙箱逃逸漏洞之一。维护者建议用户及时更新并考虑使用isolated-vm等更安全的替代方案。

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

Brainrot games have taken over Roblox, and more and more developers are coming out with creative game ideas with them. One of the games that caught my eye recently was Catch and Feed a Brainrot, which ...

Twenty-five games into the 2024-25 season, the Indiana Pacers, returning Eastern Conference Finalists, had a 10–15 record and a slew of injuries. Star Tyrese Haliburton took the brunt of the blame — ...

(CNN) — Twenty-five games into the 2024-25 season, the Indiana Pacers, returning Eastern Conference Finalists, had a 10–15 record and a slew of injuries. Star Tyrese Haliburton took the brunt of the ...