{"vulnerability": "CVE-2023-37466", "sightings": [{"uuid": "4946eb4c-eb3f-4440-900d-af031ebdae42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37466", "type": "seen", "source": "https://t.me/cibsecurity/66711", "content": "\u203c CVE-2023-37466 \u203c\n\nvm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code. Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-14T07:11:58.000000Z"}, {"uuid": "21e36b89-b040-493c-9ddd-9e7e3ef72f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37466", "type": "seen", "source": "https://t.me/ctinow/177684", "content": "https://ift.tt/oO9Y4mZ\nCVE-2023-37466 Exploit", "creation_timestamp": "2024-02-01T17:16:30.000000Z"}, {"uuid": "988dacb1-18bb-4d76-b62b-0349341fdf39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-37466", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5", "content": "", "creation_timestamp": "2023-07-12T12:40:24.000000Z"}, {"uuid": "7ab01b0b-6f12-47d7-89ba-c295cfbe498d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37466", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3ml2azcq27d2c", "content": "\ud83d\udea8 EUVD-2026-26986\n\ud83d\udcca 9.8/10\n\ud83c\udfe2 patriksimek\n\n\ud83d\udcdd vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing att...\n\n\ud83d\udd17 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-26986\n\n#cybersecurity #infosec #cve #euvd", "creation_timestamp": "2026-05-04T18:03:14.785539Z"}, {"uuid": "f96fd294-6858-489b-8f07-600b1931dc60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37466", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2ckkquyt2l", "content": "\ud83d\udd34 CVE-2026-24120 - Critical (9.8)\n\nvm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-24120/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T18:30:48.671010Z"}, {"uuid": "7d81a0e6-3bbf-4e17-b8d7-8bbc2eaa9def", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37466", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlicivo2zc2f", "content": "\ud83d\udccc CVE-2026-24120 - vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing att... https://www.cyberhub.blog/cves/CVE-2026-24120", "creation_timestamp": "2026-05-10T08:07:08.195096Z"}]}