6 matches found
CVE-2026-26954
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct p: Function where p is any constructible property. This...
CVE-2026-26954
SandboxJS is a JavaScript sandboxing library. Before version 0.8.34, it can leak arrays containing Function, enabling sandbox escape when used with Object.fromEntries to construct {[p]: Function} for any constructible property. This leads to Sandbox Escape with potential RCE as described in multi...
CVE-2026-26954 SandboxJS has a Sandbox Escape
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct p: Function where p is any constructible property. This...
GHSA-6R9F-759J-HJGV SandboxJS affected by a Sandbox Escape
Summary It is possible to obtain arrays containing Function, which allows escaping the sandbox. Details There are various ways to get an array containing Function, e.g. js Object.entriesthis.at1 // 'Function', Function: Function Object.valuesthis.slice1, 2 // Function: Function Given an array...
SandboxJS affected by a Sandbox Escape
Summary It is possible to obtain arrays containing Function, which allows escaping the sandbox. Details There are various ways to get an array containing Function, e.g. js Object.entriesthis.at1 // 'Function', Function: Function Object.valuesthis.slice1, 2 // Function: Function Given an array...
PT-2026-25322
Summary It is possible to obtain arrays containing Function, which allows escaping the sandbox. Details There are various ways to get an array containing Function, e.g. js Object.entriesthis.at1 // 'Function', Function: Function Object.valuesthis.slice1, 2 // Function: Function Given an array...