Description
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Exported methods are stored in the application.remote object.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.3.1
References
Related Issues
- Improper beacon events in matrix-js-sdk can result in availability issues - CVE-2022-39236
- Improper Privilege Management in shelljs - CVE-2022-0144
- Authorization bypass in url-parse - CVE-2022-0512
- url-parse Incorrectly parses URLs that include an '@ - CVE-2022-0639
- Tags:
- npm
- jailed
Anything's wrong? Let us know Last updated on February 01, 2023