Nyariv: >> Sandboxjs >> 0.8.26 Security Vulnerabilities
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, it's prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.29.
CVSS Score
10.0
EPSS Score
0.006
Published
2026-02-06
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is fixed in 0.8.27.
CVSS Score
10.0
EPSS Score
0.011
Published
2026-02-02
Page 2