CVE-2026-34208: SandboxJS Global Object Injection Vulnerability
Platform: nodejs
Component: sandboxjs
Fixed in: 0.8.36
CVE-2026-34208 describes a global object injection vulnerability within the @nyariv/sandboxjs library. This flaw allows attackers to bypass intended security measures and inject arbitrary properties into host global objects. This can lead to persistent mutations across different sandbox instances running within the same process, potentially compromising the entire system. This affects versions of @nyariv/sandboxjs up to and including 0.8.36. Currently, there is no official patch available to address this vulnerability.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-34208?
CVE-2026-34208 is a critical security vulnerability in the @nyariv/sandboxjs library that allows attackers to inject properties into global objects, leading to persistent mutations across sandbox instances.
Am I affected by CVE-2026-34208?
You are likely affected if you are using @nyariv/sandboxjs version 0.8.36 or earlier. This vulnerability allows for global object injection, potentially compromising your system.
How can I fix or mitigate CVE-2026-34208?
Currently, there is no official patch available. Mitigation strategies may involve carefully reviewing and sanitizing any data passed to the sandbox and monitoring for unexpected behavior.
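One way to do the monitoring mentioned above is to snapshot the host's global objects before each sandbox run and compare them afterwards. This is an added example, not code from the advisory or from the sandboxjs project; the watched-object list and the helper names (`snapshotGlobals`, `diffGlobals`, `auditRun`) are assumptions, and the sandbox call is replaced by a constructed stand-in.

```javascript
'use strict';
// Host objects to watch (an assumed list; add any globals your host exposes).
const WATCHED = new Map([
  ['globalThis', globalThis], ['Object', Object], ['Object.prototype', Object.prototype],
  ['Array.prototype', Array.prototype], ['Function.prototype', Function.prototype],
  ['JSON', JSON], ['Math', Math],
]);

// Capture every own key (strings and symbols) and its descriptor, without invoking getters.
function snapshotGlobals() {
  const snap = new Map();
  for (const [name, obj] of WATCHED) {
    const props = new Map();
    for (const key of Reflect.ownKeys(obj)) props.set(key, Object.getOwnPropertyDescriptor(obj, key));
    snap.set(name, props);
  }
  return snap;
}

function sameDescriptor(a, b) {
  return Object.is(a.value, b.value) && a.get === b.get && a.set === b.set &&
    a.writable === b.writable && a.enumerable === b.enumerable && a.configurable === b.configurable;
}

// Report keys that were added, removed or redefined between two snapshots.
function diffGlobals(before, after) {
  const findings = [];
  for (const [target, now] of after) {
    const was = before.get(target);
    for (const [key, desc] of now) {
      if (!was.has(key)) findings.push({ target, key, change: 'added' });
      else if (!sameDescriptor(was.get(key), desc)) findings.push({ target, key, change: 'modified' });
    }
    for (const key of was.keys()) if (!now.has(key)) findings.push({ target, key, change: 'removed' });
  }
  return findings;
}

// Wrap one sandbox execution; `run` is whatever callback invokes your sandbox.
function auditRun(run) {
  const before = snapshotGlobals();
  let error = null;
  try { run(); } catch (e) { error = e; }
  return { error, findings: diffGlobals(before, snapshotGlobals()) };
}

// Constructed stand-in for a run that leaked a write onto a host global.
const demo = auditRun(() => { JSON.constructedMarker = 1; });
delete JSON.constructedMarker; // restore the host object after the demo
console.log(demo.findings);
```

The check covers synchronous runs and own-property changes on the listed objects only; a non-empty `findings` array means host state shared by every sandbox instance in the process has changed.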