JavaScript Sandbox vm2: Critical Vulnerability Allows Escape

The JavaScript sandbox vm2 for Node.js was actually discontinued. Now an update closes a critical security vulnerability.
SecurityWeek

N8n Vulnerabilities Could Lead to Remote Code Execution

Two vulnerabilities in n8n’s sandbox mechanism could be exploited for remote code execution (RCE) on the host system.
CSO Online

Critical RCE bugs expose the n8n automation platform to host‑level compromise

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass ...
Dark Reading

Critical Open Source vm2 Sandbox Escape Bug Affects Millions

A remote code execution (RCE) vulnerability in a widely used JavaScript sandbox has earned a top rating of 10 on the CVSS vulnerability risk scale; it allows threat actors to execute a sandbox escape ...