2 matches found
CVE-2023-26919
The CVE concerns delight-nashorn-sandbox versions 0.2.4–0.2.5. A sandbox escape is possible when allowExitFunctions is set to false, via loadWithNewGlobal invoking exit/quit to terminate the Java process. In practice, this can enable process termination and potential DoS-like effects as described...
CVE-2023-26919
delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process...