
Critical Vulnerabilities in vm2 JavaScript Sandbox Library
Multiple critical vulnerabilities have been disclosed in vm2, a widely used JavaScript sandbox library for Node.js, allowing attackers to escape the sandbox and execute arbitrary code on the host system. The flaws affect environments where untrusted JavaScript code is processed, particularly in exposed user-facing applications. The recommended mitigation is to update to vm2 version 3.11.2, with heightened urgency for systems handling untrusted input. No specific CVE identifiers, exploit details, or exact publication dates were provided in the notice. The impact includes full host system compromise if exploited successfully.
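An added example, not part of the notice or the vm2 project: a Node.js check that walks a parsed npm lockfile and lists every vm2 install, direct or transitive, older than the 3.11.2 named above. The sample lockfile and the package name `some-plugin` are constructed for illustration.

```javascript
const FIXED = '3.11.2'; // fixed version as stated in the notice

// Parse "major.minor.patch[-prerelease]"; null when the value is not a plain version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when version a is older than version b. A prerelease sorts before its release.
function isOlder(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return true; // git URL, link, tarball: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i];
  }
  return pa.pre && !pb.pre;
}

// Accepts a parsed lockfile: the v2/v3 "packages" map, or v1 nested "dependencies".
// Returns every vm2 install older than FIXED with its install path.
function findOldVm2(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/vm2$/.test(path) && isOlder(meta.version, FIXED)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}node_modules/${name}`;
      if (name === 'vm2' && isOlder(meta.version, FIXED)) {
        hits.push({ path: here, version: meta.version });
      }
      walk(meta.dependencies, `${here}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, ''); // v1 lockfiles only
  return hits;
}

// Constructed sample: one patched direct install, one old transitive copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.11.2' },
    'node_modules/some-plugin/node_modules/vm2': { version: '3.9.19' },
  },
};
console.log(findOldVm2(sampleLock));
```

To check a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findOldVm2`; an empty array means no vm2 copy below 3.11.2 was found in the lockfile.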