exploitDog

CVE-2023-26919

Опубликовано: 10 апр. 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.

Ссылки

https://github.com/javadelight/delight-nashorn-sandbox/issues/135
Exploit
Issue Tracking
Vendor Advisory
https://github.com/javadelight/delight-nashorn-sandbox/issues/135
Exploit
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:javadelight:nashorn_sandbox:0.2.4:*:*:*:*:*:*:*

cpe:2.3:a:javadelight:nashorn_sandbox:0.2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00179

Низкий

7.2 High

CVSS3

Дефекты

CWE-74

CWE-74

Связанные уязвимости

GHSA-wfwf-xhx7-3whj

CVSS3: 7.2

github

почти 3 года назад

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.

EPSS

Процентиль: 40%

0.00179

Низкий

7.2 High

CVSS3

Дефекты

CWE-74

CWE-74