Medium
Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of servuce condition on the system.
Node.js
Upgrade to the latest version of vm2, available from the vm2 GIT Repository.