Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SandboxJS has a Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution
Vulnerability Description
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to __proto__ and other blocked prototype properties, enabling host Object.prototype pollution and persistent cross-sandbox impact. This vulnerability is fixed in 0.8.29.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
SandboxJS 安全漏洞
Vulnerability Description
SandboxJS是nyariv个人开发者的一个安全评估软件。 SandboxJS 0.8.29之前版本存在安全漏洞,该漏洞源于通过在沙箱对象上遮蔽hasOwnProperty可导致沙箱逃逸,从而禁用属性访问路径中的原型白名单强制执行,允许直接访问__proto__和其他被阻止的原型属性,可能导致主机Object.prototype污染和持久的跨沙箱影响。
CVSS Information
N/A
Vulnerability Type
N/A