CVE-2026-34211

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions...

CVE-2026-34217

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to...

CVE-2026-34217

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to...

CVE-2026-34208

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects for example Math.random = ..., but this protection can be bypassed through an exposed callable constructor path: this.constructor.calltarget, attackerObject. Because this.constructo...

CVE-2026-34217

CVE-2026-34217 (SandboxJS) affects @nyariv/sandboxjs

CVE-2026-34217 SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to...

CVE-2026-34217 SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to...

CVE-2026-34211 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions...

CVE-2026-34211

The CVE-2026-34211 entry describes an unbounded recursive vulnerability in @nyariv/sandboxjs (restOfExp and lispify/lispifyExpr) that can crash Node.js processes via deeply nested expressions. Connected sources (Rh/CVE-2026-34211, NVD, GHSA advisory) confirm the root cause is uncontrolled recursi...

CVE-2026-34208 SandboxJS: Sandbox integrity escape

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects for example Math.random = ..., but this protection can be bypassed through an exposed callable constructor path: this.constructor.calltarget, attackerObject. Because this.constructo...

CVE-2026-34208

CVE-2026-34208 (SandboxJS) affects SandboxJS versions prior to 0.8.36. The vulnerability arises because an exposed constructor path (this.constructor.call(target, attackerObject)) can bypass the global-write protection and cause host global objects to be mutated by attacker-controlled payloads. T...

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.36 contained a security vulnerability; this vulnerability stemmed from infinite recursion in the parser, which could lead to process crashes...

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.36 contained security vulnerabilities; these vulnerabilities stemmed from the ability to bypass global object protection through constructor paths, potentially allowing modification of host global obje...

Nginx 0.8.36 - Source Disclosure and DoS Vulnerabilities

No description provided by source. Issue 1: Remote Source Disclosure - Description - nginx 0.8.36 is a multi platform HTTP server. This vulnerability exists in the latest Windows version of the application available. nginx on Windows is vulnerable to a remote source disclosure attack. - Technical...

nginx 0.8.36 Source Disclosure and DoS Vulnerabilities

No description provided by source. Issue 1: Remote Source Disclosure - Description - nginx 0.8.36 is a multi platform HTTP server. This vulnerability exists in the latest Windows version of the application available. nginx on Windows is vulnerable to a remote source disclosure attack. - Technical...

nginx Space String Remote Source Code Disclosure Vulnerability

nginx is prone to a remote source code-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process, which may aid in further attacks. This issue affects nginx...

nginx Space String Remote Source Code Disclosure Vulnerability

nginx is prone to a remote source code-disclosure vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...