3 matches found
CVE-2026-32723 SandboxJS timers have an execution-quota bypass (cross-sandbox currentTicks race)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...
SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers
Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...
GHSA-7P5M-XRH7-769R SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers
Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...