9 matches found
CVE-2026-26954
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct p: Function where p is any constructible property. This...
CVE-2026-26954
SandboxJS is a JavaScript sandboxing library. Before version 0.8.34, it can leak arrays containing Function, enabling sandbox escape when used with Object.fromEntries to construct {[p]: Function} for any constructible property. This leads to Sandbox Escape with potential RCE as described in multi...
CVE-2026-26954 SandboxJS has a Sandbox Escape
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct p: Function where p is any constructible property. This...
CVE-2026-26954 SandboxJS has a Sandbox Escape
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct p: Function where p is any constructible property. This...
SandboxJS 代码注入漏洞
SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.34 contained a code injection vulnerability. This vulnerability stemmed from the possibility of accessing arrays containing functions, which could lead to sandbox escape...
CVE-2023-31143
mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have...
CVE-2023-31143 Mage terminal user authentication not working properly
mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have...
CVE-2023-31143
CVE-2023-31143 affects Mage‑AI where, when using Mage with user authentication enabled, prior to version 0.8.72, unauthenticated users or users without editor permissions could access the terminal. Affected versions are 0.8.34 through 0.8.71; a fix is available in 0.8.72. Red Hat and OSV entries ...
mage-ai 访问控制错误漏洞
mage-ai is a modern replacement for Airflow in the Mage open source. An access control error vulnerability exists in mage-ai version 0.8.34, which stems from the fact that a user who is not logged in or does not have edit privileges can access the terminal...