Impact
In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code. Within Directus this applies to the "Run Script" operation in flows being able to escape the sandbox running code in the main nodejs context.
Patches
Patched in v10.6.0 by replacing vm2
with isolated-vm
Workarounds
None
References
GHSA-cchq-frgv-rjh5
Impact
In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code. Within Directus this applies to the "Run Script" operation in flows being able to escape the sandbox running code in the main nodejs context.
Patches
Patched in v10.6.0 by replacing
vm2
withisolated-vm
Workarounds
None
References
GHSA-cchq-frgv-rjh5