110 matches found
CVE-2026-32304
A flaw was found in Locutus, a JavaScript library that provides standard library functions. The createfunction function in Locutus passes user-supplied arguments and code directly to the JavaScript Function constructor without proper sanitization. This vulnerability allows a remote attacker to...
CVE-2026-32304
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the createfunctionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...
CVE-2026-32304
Locutus (CVE-2026-32304) contains an RCE in create_function(args, code) where the two parameters are passed directly to the Function constructor without sanitization prior to 3.0.14. This allows arbitrary code execution if untrusted input reaches create_function, as the code path uses new Functio...
CVE-2026-25533
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25520
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can b...
CVE-2026-25533
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25533
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25520 SandboxJS has a Sandbox Escape
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can b...
CVE-2026-25520
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can b...
CVE-2026-25520 SandboxJS has a Sandbox Escape
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can b...
GHSA-58JH-XV4V-PCX4 @nyariv/sandboxjs has a Sandbox Escape issue
Summary The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can be used to execute arbitrary code outside of the sandbox...
@nyariv/sandboxjs has a Sandbox Escape issue
Summary The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can be used to execute arbitrary code outside of the sandbox...
Remote Code Execution (RCE)
SandboxJS is vulnerable to Remote Code Execution RCE. The vulnerability is due to missing isolation and replacement of AsyncFunction and related function constructors, which allows an attacker to access the native host AsyncFunction via the .constructor property and execute arbitrary code outside...
Code Injection
Enclave is vulnerable to Code Injection. The vulnerability is due to exposure of a host-side Error object with an intact prototype chain to sandboxed code, which allows an attacker to traverse to the host Function constructor and execute arbitrary code in the Node.js host runtime...
enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain
A critical sandbox escape vulnerability exists in enclave-vm affected: 2.6.0, patched: 2.7.0 that can allow untrusted, sandboxed JavaScript to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Erro...
CVE-2026-22686
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails,...
CVE-2026-22686 Sandbox Escape via Host Error Prototype Chain in enclave-vm
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails,...
CVE-2026-22686
The CVE-2026-22686 issue affects enclave-vm prior to version 2.7.0. A sandbox escape exists when a tool invocation fails and a host-side Error object is leaked into the sandbox, allowing traversal of the host realm prototype chain to reach the host Function constructor. This enables arbitrary cod...
PT-2026-2792
Name of the Vulnerable Software and Affected Versions Enclave versions prior to 2.7.0 Description Enclave is a secure JavaScript sandbox used for safe AI agent code execution. A critical sandbox escape issue exists in enclave-vm, allowing untrusted JavaScript code to execute arbitrary code in the...