CNNVD-202602-927 Information
CNNVD ID
CNNVD-202602-927
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
SandboxJS是nyariv个人开发者的一个安全评估软件。 SandboxJS 0.8.29之前版本存在安全漏洞,该漏洞源于执行验证的键与用于访问属性的键不匹配,可能导致沙箱逃逸。
Description (English)
SandboxJS is a security assessment software for the neyariv personal developer. The previous version of SandboxJS 0.8.29 had a security loophole, which stemmed from the mismatch between the key to perform the authentication and the key used to access properties, which could lead to a sandbox escape.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/nyariv/SandboxJS/blob/6103d7147c4666fe48cfda58a4d5f37005b43754/src/executor.ts#L304-L304 https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3 https://github.com/nyariv/SandboxJS/security/advisories/GHSA-7x3h-rm86-3342 https://access.redhat.com/security/cve/cve-2026-25641
Patch
https://github.com/nyariv/SandboxJS/releases
Share on: