3 matches found
@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
Summary A sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype, Set.prototype is placed into an array and retrieved, the isGlobal...
CVE-2026-25881 @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype,...
CVE-2026-25881 @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype,...