Описание
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to proto and other blocked prototype properties, enabling host Object.prototype pollution and persistent cross-sandbox impact. This vulnerability is fixed in 0.8.29.
EPSS
Процентиль: 15%
0.00048
Низкий
10 Critical
CVSS3
Дефекты
CWE-74
Связанные уязвимости
CVSS3: 10
github
4 дня назад
@nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution
EPSS
Процентиль: 15%
0.00048
Низкий
10 Critical
CVSS3
Дефекты
CWE-74