- EPSS 0.22%
- Published 02.02.2026 23:16:09
- Last modified 18.02.2026 14:34:30
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SandboxJS does not properly restrict `__lookupGetter__`, which can be used to obtain prototypes, which in turn can be used for escaping the sandbox / remote code execution. This vulnerability is fixe...
- EPSS 0.2%
- Published 27.01.2026 23:32:16
- Last modified 12.02.2026 20:47:16
SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Functio...
- EPSS 0.38%
- Published 31.07.2025 15:15:36
- Last modified 15.04.2026 00:35:42
A prototype pollution vulnerability exists in @nyariv/sandboxjs versions <= 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service (DoS) condition or, under ...