CNNVD-202602-039 Information

CNNVD ID

CNNVD-202602-039

CVE-2026-25142

  • CNNVD Published: 2026-02-02

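Description (translated from Chinese)

SandboxJS is security assessment software from the individual developer nyariv. Versions of SandboxJS earlier than 0.8.27 have a code injection vulnerability that stems from __lookupGetter__ not being correctly restricted, and which may lead to sandbox escape or remote code execution.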

Description (English)

SandboxJS is security assessment software by the individual developer nyariv. SandboxJS versions before 0.8.27 contain a code injection vulnerability caused by improper restriction of __lookupGetter__, which could lead to a sandbox escape or remote code execution.

Hazard Level

High

Vulnerability Type

Code injection

Affected Vendor

Individual developer

Published

2026-02-02

Last Modified

2026-02-24

References

  • https://github.com/nyariv/SandboxJS/blob/f212a38fb5a6d4bc2bc2e2466c0c011ce8d41072/src/executor.ts#L368-L398
  • https://github.com/nyariv/SandboxJS/commit/75c8009db32e6829b0ad92ca13bf458178442bd3
  • https://github.com/nyariv/SandboxJS/security/advisories/GHSA-9p4w-fq8m-2hp7
