Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the lookupGetter method and improper context isolation. An attacker can execute arbitrary commands on the host syste...

GHSA-GRJ5-JJM8-H35P VM2 Sandbox Breakout Through __lookupGetter__

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The lookupGetter method allows to read the getter of an object. It is special in VM2 since it will switch...

VM2 Sandbox Breakout Through __lookupGetter__

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The lookupGetter method allows to read the getter of an object. It is special in VM2 since it will switch...

CVE-2026-24118 VM2 Sandbox Breakout Through __lookupGetter__

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0...

CVE-2026-25142

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict lookupGetter which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is fixed in 0.8.27...

Arbitrary Code Injection

Overview @nyariv/sandboxjs is a Javascript sandboxing library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the lookupGetter function. An attacker can execute arbitrary code by bypassing prototype chain checks with function properties, and thereby escaping the...

SandboxJS Vulnerable to Prototype Pollution -> Sandbox Escape -> RCE

Summary SandboxJS does not properly restrict lookupGetter which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. Details https://github.com/nyariv/SandboxJS/blob/f212a38fb5a6d4bc2bc2e2466c0c011ce8d41072/src/executor.tsL368-L398 The Object...

Mozilla dangling pointer vulnerability in LookupGetterOrSetter

The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.lookupGetter function calls that lack arguments, which allows remote attackers to...

Mozilla dangling pointer vulnerability in LookupGetterOrSetter

The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.lookupGetter function calls that lack arguments, which allows remote attackers to...

Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:211)

Security issues were identified and fixed in mozilla-thunderbird : The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral...

Mozilla dangling pointer vulnerability in LookupGetterOrSetter

The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.lookupGetter function calls that lack arguments, which allows remote attackers to...