A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

Dahl在2009年一手搞出Node.js，推动了异步I/O和事件驱动编程的普及，让 Java 从浏览器杀到服务器，改变了整个后端生态，同时这个框架也经常被用于前端工程化工具的开发。 大佬后来又创办Deno，修正了自己当年公开承认的Node设计缺陷（如 回调 地狱和模块系统），目前他依然活跃在Deno项目中。

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Prevent AI-generated tech debt with Skeleton ...

Staying ahead of the curve is no longer a choice. It has become a necessity. As of November 2024, Node.js powers 3.9% of websites globally, according to Web Technology Surveys. That includes giants ...

Register Domain SA is a leading domain registrar with over 15 years of experience and has recently launched new app hosting ...