22 matches found
Prototype Pollution in realms-shim
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
GHSA-Q4J7-V27R-FGCX Prototype Pollution in realms-shim
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23594 via realms-shim (=1.2.2)
realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...
Prototype Pollution in realms-shim
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
GHSA-PWM7-QR6J-3VJG Prototype Pollution in realms-shim
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
Prototype Pollution
realms-shim is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes, modify attributes such as __proto__, constructor, and prototype, and bypass the sandbox...
Sandbox Bypass
realms-shim is vulnerable to sandbox bypass. The vulnerability exists through the 'realmEvaluate' function in 'realm.js' as it does not properly validate the input, allowing an attacker to bypass the sandbox by injecting properties into existing construct prototypes...
CVE-2021-23594
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
CVE-2021-23543
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
CVE-2021-23543
CVE-2021-23543 affects the npm package realms-shim. The vulnerability is a Sandbox Bypass via Prototype Pollution in realms-shim, with root causes involving unsafe recursive merges and prototype/'__proto__' manipulation in object merges or path definitions (as described in the Snyk/NVD entries and ...
CVE-2021-23543 Sandbox Bypass
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
CVE-2021-23594
The CVE concerns realms-shim, a shim for the Realm API, vulnerable to Sandbox Bypass via Prototype Pollution. The root cause is unsafe prototype/recursive merge behavior that can pollute Object.prototype (and related constructs), enabling manipulation of prototypes and potentially remote code exe...
CVE-2021-23594 Sandbox Bypass
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
Sandbox Breakout in realms-shim
Versions of realms-shim prior to 1.2.1 are vulnerable to a Sandbox Breakout. The Realms evaluation function has an option to apply Babel-like transformations to the source code before it reaches the evaluator. One portion of this transform pipeline exposed a primal-Realm object to the rewriting...
GHSA-7CG8-PQ9V-X98Q Sandbox Breakout in realms-shim
Versions of realms-shim prior to 1.2.1 are vulnerable to a Sandbox Breakout. The Realms evaluation function has an option to apply Babel-like transformations to the source code before it reaches the evaluator. One portion of this transform pipeline exposed a primal-Realm object to the rewriting...
Sandbox Breakout
Overview: Versions of realms-shim prior to 1.2.1 are vulnerable to a Sandbox Breakout. The Realms evaluation function has an option to apply Babel-like transformations to the source code before it reaches the evaluator. One portion of this transform pipeline exposed a primal-Realm object to the...
Sandbox Breakout in realms-shim
Versions of realms-shim prior to 1.2.0 are vulnerable to a Sandbox Breakout. Reflect.construct can be used on the sandboxed Function constructor to reach the prototypes of the primal Realm, which may allow an attacker to escape the sandbox and execute arbitrary code. Recommendation Upgrade to...
GHSA-6JG8-7333-554W Sandbox Breakout in realms-shim
Versions of realms-shim prior to 1.2.0 are vulnerable to a Sandbox Breakout. Reflect.construct can be used on the sandboxed Function constructor to reach the prototypes of the primal Realm, which may allow an attacker to escape the sandbox and execute arbitrary code. Recommendation Upgrade to...
Sandbox Breakout
Overview: Versions of realms-shim prior to 1.2.0 are vulnerable to a Sandbox Breakout. Reflect.construct can be used on the sandboxed Function constructor to reach the prototypes of the primal Realm, which may allow an attacker to escape the sandbox and execute arbitrary code. Recommendation: Upgra...
Sandbox Breakout
Overview: Versions of realms-shim prior to 1.2.0 are vulnerable to a Sandbox Breakout. The package's confined evaluator depended upon correct behavior of the spread operator a = ...b, ...c, which could be modified by the confined code. This may allow an attacker to escape the sandbox and run...