3 matches found
CVE-2026-25142 SandboxJS Prototype Pollution -> Sandbox Escape -> RCE
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict lookupGetter which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is fixed in 0.8.27...
CVE-2026-25142
SandboxJS prior to version 0.8.27 fails to properly restrict lookupGetter , enabling sandbox escape and remote code execution via prototype access (notably through Map.prototype.has). The CVE-2026-25142 issue is fixed in 0.8.27. Affected component: SandboxJS sandboxing library; root cause: insuff...
@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-25142 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)
@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-25142 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15182636...