Description
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Exported methods are stored in the application.remote object.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.3.1
References
Related Issues
- Prototype pollution in 101 - CVE-2021-25943
- Use-After-Free in puppeteer - CVE-2019-5786
- Open Redirect in node-forge - CVE-2022-0122
- Denial of service in three - CVE-2020-28496
- Tags:
- npm
- jailed
Anything's wrong? Let us know Last updated on February 01, 2023