Nixpkgs Security Tracker

Untriaged

Permalink CVE-2026-22709

created 2 weeks, 2 days ago

vm2 has a Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. The return value of async functions is `globalPromise` object. Version 3.10.2 fixes the issue.

Affected products

vm2

==< 3.10.2

Matching in nixpkgs

pkgs.lvm2

Tools to support Logical Volume Management (LVM) on Linux

nixos-unstable 2.03.35
- nixpkgs-unstable 2.03.35
- nixos-unstable-small 2.03.35
nixos-25.05 2.03.31
- nixos-25.05-small 2.03.31
- nixpkgs-25.05-darwin 2.03.31

pkgs.lvm2_vdo

Tools to support Logical Volume Management (LVM) on Linux

nixos-unstable 2.03.35
- nixpkgs-unstable 2.03.35
- nixos-unstable-small 2.03.35
nixos-25.05 2.03.31
- nixos-25.05-small 2.03.31
- nixpkgs-25.05-darwin 2.03.31

pkgs.lvm2_dmeventd

Tools to support Logical Volume Management (LVM) on Linux

nixos-unstable 2.03.35
- nixpkgs-unstable 2.03.35
- nixos-unstable-small 2.03.35
nixos-25.05 2.03.31
- nixos-25.05-small 2.03.31
- nixpkgs-25.05-darwin 2.03.31

pkgs.docker-machine-kvm2

KVM2 driver for docker-machine

nixos-unstable kvm2-1.37.0
- nixpkgs-unstable kvm2-1.37.0
- nixos-unstable-small kvm2-1.37.0
nixos-25.05 kvm2-1.34.0
- nixos-25.05-small kvm2-1.34.0
- nixpkgs-25.05-darwin kvm2-1.34.0

Package maintainers

@AtkinsChang Atkins Chang <atkinschang+nixpkgs@gmail.com>
@tadfisher Tad Fisher <tadfisher@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@ajs124 Andreas Schrägle <nix@ajs124.de>

Suggestions search

Affected products

Matching in nixpkgs

pkgs.lvm2

pkgs.lvm2_vdo

pkgs.lvm2_dmeventd

pkgs.docker-machine-kvm2

Package maintainers