Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2026/03/18 9:27 p.m.1 views

CVE-2026-32723 SandboxJS timers have an execution-quota bypass (cross-sandbox currentTicks race)

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

4.8CVSS5.9AI score0.00148EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/16 4:43 p.m.6 views

SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

4.8CVSS5.9AI score0.00148EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/16 4:43 p.m.2 views

GHSA-7P5M-XRH7-769R SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

4.8CVSS5.9AI score0.00148EPSS
Exploits1References4
Rows per page
Query Builder