Описание
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict lookupGetter which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is fixed in 0.8.27.
EPSS
Процентиль: 25%
0.00085
Низкий
10 Critical
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 10
github
5 дней назад
SandboxJS Vulnerable to Prototype Pollution -> Sandbox Escape -> RCE
EPSS
Процентиль: 25%
0.00085
Низкий
10 Critical
CVSS3
Дефекты
CWE-94