A security researcher has released, yet another sandbox escape proof of concept (PoC) exploit that makes it possible to execute unsafe code on a host running the VM2 sandbox.VM2 is a specialized JavaScript sandbox used by a broad range of software tools for running and testing untrusted code in an isolated environment, preventing the code from accessing the host's system resources or external data.The library is commonly found in integrated development environments (IDEs), code editors, security tools, and various pen-testing frameworks. It counts several million downloads per month in the NPM package repository. VM2 has had several critical sandbox escape disclosures over the past two weeks discovered by different security researchers, enabling attackers to run malicious code outside the constraints of the sandboxed environment.
