Nyariv

Sandboxjs

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2026-43898

Exploit
  • EPSS 0.47%
  • Veröffentlicht 28.05.2026 17:50:31
  • Zuletzt bearbeitet 28.05.2026 20:16:23

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled...

7.2

CVE-2026-34217

Exploit
  • EPSS 0.29%
  • Veröffentlicht 06.04.2026 15:12:52
  • Zuletzt bearbeitet 09.04.2026 18:03:17

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing s...

7.5

CVE-2026-34211

Exploit
  • EPSS 0.4%
  • Veröffentlicht 06.04.2026 15:10:42
  • Zuletzt bearbeitet 09.04.2026 18:05:21

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted...

10

CVE-2026-34208

Exploit
  • EPSS 0.56%
  • Veröffentlicht 06.04.2026 15:09:28
  • Zuletzt bearbeitet 09.04.2026 18:07:20

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = ...), but this protection can be bypassed through an exposed callable constructor path: this.constructor.ca...

4.7

CVE-2026-32723

Exploit
  • EPSS 0.15%
  • Veröffentlicht 18.03.2026 21:27:35
  • Zuletzt bearbeitet 19.03.2026 19:20:39

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state (`currentTicks.current`) is shared between sandboxes. Timer string handlers are compiled at execution time using that ...

10

CVE-2026-26954

Exploit
  • EPSS 0.55%
  • Veröffentlicht 13.03.2026 15:51:13
  • Zuletzt bearbeitet 17.03.2026 20:13:06

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Funct...

10

CVE-2026-25881

Exploit
  • EPSS 0.55%
  • Veröffentlicht 09.02.2026 21:12:58
  • Zuletzt bearbeitet 18.02.2026 18:07:12

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prot...

10

CVE-2026-25586

Exploit
  • EPSS 0.64%
  • Veröffentlicht 06.02.2026 19:54:38
  • Zuletzt bearbeitet 18.02.2026 14:32:36

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to __p...

10

CVE-2026-25520

Exploit
  • EPSS 0.78%
  • Veröffentlicht 06.02.2026 19:53:24
  • Zuletzt bearbeitet 18.02.2026 14:33:15

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obt...

10

CVE-2026-25587

Exploit
  • EPSS 0.65%
  • Veröffentlicht 06.02.2026 19:51:56
  • Zuletzt bearbeitet 18.02.2026 14:31:17

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, it's prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.29.