CNNVD-202602-1264 Information

CNNVD ID

CNNVD-202602-1264

Related CVE

CVE-2026-25881

• CNNVD Published: 2026-02-09

Description (Chinese)

SandboxJS是nyariv个人开发者的一个安全评估软件。 SandboxJS 0.8.31之前版本存在安全漏洞，该漏洞源于沙箱逃逸漏洞允许沙箱代码通过数组字面量中介物污染主机内置原型，可能导致原型污染和远程代码执行。

Description (English)

SandboxJS is a security assessment software for the neyariv personal developer. The previous version of SandboxJS 0.8.31 had a security loophole, which stemmed from a sandbox escape that allowed the sandbox code to contaminate the host’s internal prototype through a series of font intermediaries, which could lead to prototype contamination and remote code implementation.

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/nyariv/SandboxJS/commit/f369f8db26649f212a6a9a2e7a1624cb2f705b53 https://github.com/nyariv/SandboxJS/security/advisories/GHSA-ww7g-4gwx-m7wj

Patch

https://www.npmjs.com/package/@nyariv/sandboxjs