vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (WebAssembly.promising / WebAssembly.Suspending). In the tested configuration, a JSPI-backed Promise can reach Promise.prototype.finally() in a way that bypasses the expected Promise-species hardening and exposes a host-originated rejection object to attacker-controlled species logic, breaking the sandbox boundary. This issue has been patched in version 3.11.4.
The flaw is that a Promise based on the WebAssembly JSPI mechanism (WebAssembly.promising / WebAssembly.Suspending) can reach the Promise.prototype.finally() method in a way that bypasses the expected Promise-species hardening protection. As a result, a rejection object from the host is exposed to attacker-controlled species logic, leading to sandbox boundary bypass. An attacker providing untrusted code for execution in vm2 can thus gain full access to the host process.
An attacker can execute arbitrary code (RCE) outside the sandbox — directly in the Node.js host process, which can lead to complete server takeover, data leakage, and violation of system integrity and availability.
vm2 should be updated to version 3.11.4 or later, in which the vulnerability has been patched. The patch is available in the GitHub repository under the v3.11.4 tag (commit 6915fa4d9bcebd47b9a4f39a1adc1aa94ef6ffc6).
The vm2 library in versions earlier than 3.11.4, running on Node.js environments exposing WebAssembly JSPI.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H