6 matches found

Packet Storm
added 2026/04/07 12:0 a.m., 70 views

NocoBase 2.0.27 Sandbox Escape / Remote Code Execution

NocoBase versions 2.0.27 and below suffer from a sandbox escape vulnerability in the Workflow Script Node. The console object passed into the Node.js vm sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout. An authenticated attacker can traverse the prototype...

CVSS: 9.9, AI score: 5.9, EPSS: 0.32413
Exploits: 7

Cvelist
added 2026/03/31 1:33 p.m., 22 views

CVE-2026-34156 NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

CVSS: 9.9, EPSS: 0.32413
Exploits: 7, References: 3

CVE
added 2026/03/31 1:33 p.m., 22 views

CVE-2026-34156

NocoBase exposes a sandbox escape in the Workflow Script Node: an attacker can traverse the sandbox through the host console object (console._stdout/console._stderr) prototype chain to reach the Function constructor, access process, require child_process, and achieve Remote Code Execution as root...

CVSS: 9.9, AI score: 5.9, EPSS: 0.32413
Exploits: 7, References: 3, Affected Software: 1

OSV
added 2026/03/31 1:33 p.m., 1 views

CVE-2026-34156 NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

CVSS: 9.9, AI score: 5.9, EPSS: 0.32413
Exploits: 7, References: 5

OSV
added 2025/07/02 12:17 p.m., 1 views

MAL-2025-5540 Malicious code in @type-script-node/vite (npm)

Source: ghsa-malware 2faa4750aa53582075957f3561de51771262c721ab644ef9358baf9dac975e0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1

seebug.org
added 2009/11/24 12:0 a.m., 33 views

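Autodesk Maya Script Node File Remote Code Execution Vulnerability

BUGTRAQ ID: 36636 CVE ID: CVE-2009-3578 Maya is a high-end 3D computer graphics and 3D modeling software package. Maya provides a mechanism called "script nodes" for programming animation behavior using MEL (Maya's proprietary programming language) and Python. Script nodes are saved in the .mb and .ma file formats. With a specially crafted file that has script nodes embedded in it, arbitrary commands are executed without any intervention once the user opens the malicious scene file. Autodesk Maya 8.5, Autodesk Maya 8.0, Autodesk Maya 2010, Autodesk Maya 2009, Autodesk Maya 2008. Temporary workaround:...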

CVSS: 9.3, AI score: 6.4, EPSS: 0.07356
Exploits: 6