49 matches found
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via improper path resolution during extraction of OCI image layer tarballs. An attacker can write arbitrary files to locations outside the intended extraction root by crafting a layer with a symlink pointing to an absolut...
PT-2026-42209
Name of the Vulnerable Software and Affected Versions Boxlite versions prior to 0.9.0 Description Boxlite is a sandbox service that allows users to create lightweight virtual machines and launch OCI containers to run untrusted code. The software fails to properly enforce read-only mounts for host...
PT-2026-42210
Name of the Vulnerable Software and Affected Versions Boxlite versions prior to 0.9.0 Description Boxlite is a sandbox service that allows users to create lightweight virtual machines and run OCI containers. The software fails to properly validate symlink targets when extracting OCI image layer...
@airalogy/airalogy-engine (>=0.0.1 <=0.0.2) potentially affected by CVE-2026-46703 via @boxlite-ai/boxlite (=0.8.2)
@boxlite-ai/boxlite NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on @boxlite-ai/boxlite and may be impacted: - @airalogy/airalogy-engine =0.0.1, =0.0.2 Source cves: CVE-2026-46703 Source advisory: SNYK:JS-BOXLITEAIBOXLITE-16787373...
airalogy-engine (=0.0.2) potentially affected by CVE-2026-46703 via boxlite (=0.8.2)
boxlite PYPI version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on boxlite and may be impacted: - airalogy-engine =0.0.2 Source cves: CVE-2026-46703 Source advisory: SNYK:PYTHON-BOXLITE-16787374...
@airalogy/airalogy-engine (>=0.0.1 <=0.0.2) potentially affected by CVE-2026-46695 via @boxlite-ai/boxlite (=0.8.2)
@boxlite-ai/boxlite NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on @boxlite-ai/boxlite and may be impacted: - @airalogy/airalogy-engine =0.0.1, =0.0.2 Source cves: CVE-2026-46695 Source advisory: SNYK:JS-BOXLITEAIBOXLITE-16787353...
airalogy-engine (=0.0.2) potentially affected by CVE-2026-46695 via boxlite (=0.8.2)
boxlite PYPI version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on boxlite and may be impacted: - airalogy-engine =0.0.2 Source cves: CVE-2026-46695 Source advisory: SNYK:PYTHON-BOXLITE-16787350...
Symlink Attack
Overview boxlite is a Python bindings for Boxlite runtime Affected versions of this package are vulnerable to Symlink Attack via improper path resolution during extraction of OCI image layer tarballs. An attacker can write arbitrary files to locations outside the intended extraction root by...
Improper Isolation or Compartmentalization
Overview boxlite is a Python bindings for Boxlite runtime Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the mounting of host directories in read-only mode into VM. An attacker can gain unauthorized write access to the host filesystem by remounti...