CNNVD-202602-913 Information
CNNVD ID
CNNVD-202602-913
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
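SandboxJS is security assessment software by the individual developer nyariv. Versions of SandboxJS before 0.8.29 contain a security vulnerability: shadowing hasOwnProperty on a sandbox object can lead to sandbox escape, which disables prototype whitelist enforcement in the property access path and allows direct access to __proto__ and other blocked prototype properties, potentially resulting in host Object.prototype pollution and persistent cross-sandbox impact.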
Description (English)
SandboxJS is security assessment software from the individual developer nyariv. SandboxJS versions prior to 0.8.29 have a security vulnerability. It stems from the fact that shadowing hasOwnProperty on a sandbox object can cause a sandbox escape: enforcement of the prototype whitelist in the property access path is disabled, allowing direct access to __proto__ and other blocked prototype properties. This could lead to pollution of the host Object.prototype and lasting cross-sandbox effects.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3
https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48
https://access.redhat.com/security/cve/cve-2026-25586
Patch
https://github.com/nyariv/SandboxJS/releases