Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Enclave has a sandbox escape via infinite recursion and error objects
Vulnerability Description
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar behavior or the vm module and the function constructor access prevention can be side-stepped by leveraging host object references. This vulnerability is fixed in 2.10.1.
CVSS Information
N/A
Vulnerability Type
不可达退出条件的循环(无限循环)
Vulnerability Title
Enclave 安全漏洞
Vulnerability Description
Enclave是AgentFront开源的一个沙箱软件。 Enclave 2.10.1之前版本存在安全漏洞,该漏洞源于AST清理可被动态属性访问绕过,错误对象强化未覆盖vm模块特殊行为,且函数构造器访问预防可通过利用主机对象引用规避。
CVSS Information
N/A
Vulnerability Type
N/A