Showing with 26 additions and 5 deletions.
  1. +4 −0 CHANGELOG.md
  2. +21 −4 lib/setup-sandbox.js
  3. +1 −1 package.json
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
v3.9.15 (2023-04-06)
--------------------
[fix] Security fix (see https://github.com/patriksimek/vm2/issues/515).

v3.9.14 (2023-02-05)
--------------------
[new] Support conditional export resolution with custom resolver. (nick-klaviyo)
Expand Down
25 changes: 21 additions & 4 deletions lib/setup-sandbox.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -276,13 +276,30 @@ if (typeof OriginalCallSite === 'function') {
return;
}
const newWrapped = (error, sst) => {
const sandboxSst = ensureThis(sst);
if (localArrayIsArray(sst)) {
for (let i=0; i < sst.length; i++) {
const cs = sst[i];
if (typeof cs === 'object' && localReflectGetPrototypeOf(cs) === OriginalCallSite.prototype) {
sst[i] = new CallSite(cs);
if (sst === sandboxSst) {
for (let i=0; i < sst.length; i++) {
const cs = sst[i];
if (typeof cs === 'object' && localReflectGetPrototypeOf(cs) === OriginalCallSite.prototype) {
sst[i] = new CallSite(cs);
}
}
} else {
sst = [];
for (let i=0; i < sandboxSst.length; i++) {
const cs = sandboxSst[i];
localReflectDefineProperty(sst, i, {
__proto__: null,
value: new CallSite(cs),
enumerable: true,
configurable: true,
writable: true
});
}
}
} else {
sst = sandboxSst;
}
return value(error, sst);
};
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
"alcatraz",
"contextify"
],
"version": "3.9.14",
"version": "3.9.15",
"main": "index.js",
"sideEffects": false,
"repository": "github:patriksimek/vm2",
Expand Down