Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler
Vulnerability Description
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to untrusted code; an unexpected and undesired exploit. While this could allow modifying scopes inside the sandbox, code evaluation remains sandboxed and prototypes remain protected throughout the execution. This vulnerability is fixed in 0.8.36.
CVSS Information
N/A
Vulnerability Type
将资源暴露给错误范围
Vulnerability Title
SandboxJS 安全漏洞
Vulnerability Description
SandboxJS是nyariv个人开发者的一个安全评估软件。 SandboxJS 0.8.36之前版本存在安全漏洞,该漏洞源于沙盒代码可泄露内部解释器对象,可能导致修改沙盒内部作用域。
CVSS Information
N/A
Vulnerability Type
N/A