Vulnerability Information
Vulnerability Title
nyariv sandboxjs 0.8.23 Prototype Pollution Sandbox Escape DoS
Vulnerability Description
A prototype pollution vulnerability exists in @nyariv/sandboxjs versions <= 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service (DoS) condition or, under certain conditions, an escape from the sandboxed environment intended to restrict code execution. The vulnerability stems from insufficient prototype access checks in the sandbox's executor logic, particularly in the handling of returned JavaScript function objects.
CVSS Information
N/A
Vulnerability Type
CWE-1321
Vulnerability Title
SandboxJS Security Vulnerability
Vulnerability Description
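SandboxJS is a security evaluation software by the individual developer nyariv. SandboxJS 0.8.23 and earlier versions contain a security vulnerability that stems from prototype pollution and may lead to denial of service or escape from the sandbox environment.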
CVSS Information
N/A
Vulnerability Type
N/A