978 matches found
CVE-2026-34208
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects for example Math.random = ..., but this protection can be bypassed through an exposed callable constructor path: this.constructor.calltarget, attackerObject. Because this.constructo...
CVE-2026-34208
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects for example Math.random = ..., but this protection can be bypassed through an exposed callable constructor path: this.constructor.calltarget, attackerObject. Because this.constructo...
CVE-2026-34208 SandboxJS: Sandbox integrity escape
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects for example Math.random = ..., but this protection can be bypassed through an exposed callable constructor path: this.constructor.calltarget, attackerObject. Because this.constructo...
CVE-2026-34208
CVE-2026-34208 (SandboxJS) affects SandboxJS versions prior to 0.8.36. The vulnerability arises because an exposed constructor path (this.constructor.call(target, attackerObject)) can bypass the global-write protection and cause host global objects to be mutated by attacker-controlled payloads. T...
SandboxJS 安全漏洞
SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.36 contained security vulnerabilities; these vulnerabilities stemmed from the ability to bypass global object protection through constructor paths, potentially allowing modification of host global obje...
GHSA-HG73-4W7G-Q96W SandboxJS: Sandbox Escape via Prop Object Leak in New Handler
Description A scope modification vulnerability exists in @nyariv/sandboxjs version 0.8.35 and below. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to untrusted code; an...
GHSA-2GG9-6P7W-6CPJ SandboxJS: Sandbox integrity escape
Summary SandboxJS blocks direct assignment to global objects for example Math.random = ..., but this protection can be bypassed through an exposed callable constructor path: this.constructor.calltarget, attackerObject. Because this.constructor resolves to the internal SandboxGlobal function and...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview @nyariv/sandboxjs is a Javascript sandboxing library. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the constructor process. An attacker can modify host global objects and persist these changes...
SandboxJS: Sandbox integrity escape
Summary SandboxJS blocks direct assignment to global objects for example Math.random = ..., but this protection can be bypassed through an exposed callable constructor path: this.constructor.calltarget, attackerObject. Because this.constructor resolves to the internal SandboxGlobal function and...
PT-2026-30272
Name of the Vulnerable Software and Affected Versions SandboxJS versions prior to 0.8.35 Description SandboxJS has a flaw where direct assignment to global objects is blocked, but this protection can be bypassed through a callable constructor path using this.constructor.calltarget, attackerObject...
Cross-site Scripting (XSS)
Overview telejson is an A library for teleporting rich data to another place. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the parse function. An attacker can execute arbitrary JavaScript code in the new Function context by supplying a crafted JSON payload...
GHSA-CCGF-5RWJ-J3HV TeleJSON: DOM XSS via unsanitised constructor name in `new Function()`
Summary telejson versions prior to 6.0.0 released 2022 are vulnerable to DOM-based Cross-Site Scripting XSS through unsafe deserialisation. Attacker-controlled input from the constructor-name property in parsed JSON is passed directly to new Function without sanitisation, allowing arbitrary...
TeleJSON: DOM XSS via unsanitised constructor name in `new Function()`
Summary telejson versions prior to 6.0.0 released 2022 are vulnerable to DOM-based Cross-Site Scripting XSS through unsafe deserialisation. Attacker-controlled input from the constructor-name property in parsed JSON is passed directly to new Function without sanitisation, allowing arbitrary...
EUVD-2026-17610
lodash vulnerable to Code Injection via .template imports key names...
CVE-2026-34532
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...
CVE-2026-4800
Impact: The fix for CVE-2021-23337 https://github.com/advisories/GHSA-35jh-r3h4-6jhm added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...
UBUNTU-CVE-2026-4800
Impact: The fix for CVE-2021-23337 https://github.com/advisories/GHSA-35jh-r3h4-6jhm added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...
CVE-2026-4800
Impact: The fix for CVE-2021-23337 https://github.com/advisories/GHSA-35jh-r3h4-6jhm added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...
CVE-2026-4800 lodash vulnerable to Code Injection via `_.template` imports key names
Impact: The fix for CVE-2021-23337 https://github.com/advisories/GHSA-35jh-r3h4-6jhm added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...
CVE-2026-34532
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...