diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3214085..0fbc31b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+v3.9.16 (2023-04-11)
+--------------------
+[fix] Security fix (see https://github.com/patriksimek/vm2/issues/516).
+
 v3.9.15 (2023-04-06)
 --------------------
 [fix] Security fix (see https://github.com/patriksimek/vm2/issues/515).
diff --git a/lib/transformer.js b/lib/transformer.js
index f20a248..9919453 100644
--- a/lib/transformer.js
+++ b/lib/transformer.js
@@ -118,13 +118,13 @@ function transformer(args, body, isAsync, isGenerator, filename) {
 						__proto__: null,
 						pos: node.start,
 						order: TO_RIGHT,
-						code: `catch($tmpname){try{throw ${INTERNAL_STATE_NAME}.handleException($tmpname);}`
+						coder: () => `catch(${tmpname}){try{throw(${tmpname}=${INTERNAL_STATE_NAME}.handleException(${tmpname}));}`
 					});
 					insertions.push({
 						__proto__: null,
 						pos: node.body.end,
 						order: TO_LEFT,
-						code: `}`
+						coder: () => `}`
 					});
 				} else {
 					const name = assertType(param, 'Identifier').name;
@@ -134,7 +134,7 @@ function transformer(args, body, isAsync, isGenerator, filename) {
 							__proto__: null,
 							pos: cBody.body[0].start,
 							order: TO_LEFT,
-							code: `${name}=${INTERNAL_STATE_NAME}.handleException(${name});`
+							coder: () => `${name}=${INTERNAL_STATE_NAME}.handleException(${name});`
 						});
 					}
 				}
@@ -144,13 +144,13 @@ function transformer(args, body, isAsync, isGenerator, filename) {
 				__proto__: null,
 				pos: node.object.start,
 				order: TO_LEFT,
-				code: INTERNAL_STATE_NAME + '.wrapWith('
+				coder: () => INTERNAL_STATE_NAME + '.wrapWith('
 			});
 			insertions.push({
 				__proto__: null,
 				pos: node.object.end,
 				order: TO_RIGHT,
-				code: ')'
+				coder: () => ')'
 			});
 		} else if (nodeType === 'Identifier') {
 			if (node.name === INTERNAL_STATE_NAME) {
@@ -165,7 +165,7 @@ function transformer(args, body, isAsync, isGenerator, filename) {
 				__proto__: null,
 				pos: node.start,
 				order: TO_RIGHT,
-				code: INTERNAL_STATE_NAME + '.'
+				coder: () => INTERNAL_STATE_NAME + '.'
 			});
 		}
 	});
@@ -186,7 +186,7 @@ function transformer(args, body, isAsync, isGenerator, filename) {
 	let curr = 0;
 	for (let i = 0; i < insertions.length; i++) {
 		const change = insertions[i];
-		ncode += code.substring(curr, change.pos) + change.code.replace(/\$tmpname/g, tmpname);
+		ncode += code.substring(curr, change.pos) + change.coder();
 		curr = change.pos;
 	}
 	ncode += code.substring(curr);
diff --git a/package.json b/package.json
index 232d8af..685d41b 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,7 @@
     "alcatraz",
     "contextify"
   ],
-  "version": "3.9.15",
+  "version": "3.9.16",
   "main": "index.js",
   "sideEffects": false,
   "repository": "github:patriksimek/vm2",