Description
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
Remediation
References
https://github.com/patriksimek/vm2/commit/b4f6e2bd2c4a1ef52fc4483d8e35f28bc4481886
https://github.com/patriksimek/vm2/issues/363
https://github.com/patriksimek/vm2/releases/tag/3.9.4
https://security.netapp.com/advisory/ntap-20211029-0010/
https://snyk.io/vuln/SNYK-JS-VM2-1585918
Related Vulnerabilities
CVE-2021-26544 Vulnerability in maven package org.apache.livy:livy-server
CVE-2022-1295 Vulnerability in maven package org.webjars.bowergithub.alvarotrigo:fullpage.js
CVE-2020-28458 Vulnerability in maven package org.webjars.bower:datatables.net
CVE-2017-15707 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2020-9298 Vulnerability in maven package com.netflix.spinnaker.orca:orca-core