Information security
fromInfoWorld
5 days ago13 new critical holes in JavaScript sandbox allow execution of arbitrary code
Sandboxing untrusted JavaScript in vm2 is fragile because sandbox escapes can enable full system compromise when credentials, secrets, filesystem, network, or deployment privileges are accessible.