Description
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Exported methods are stored in the application.remote object.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.3.1
References
Related Issues
- Improper beacon events in matrix-js-sdk can result in availability issues - CVE-2022-39236
- Improper Privilege Management in shelljs - CVE-2022-0144
- Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability (GHSA-m5vv-6r4h-3vj9) - CVE-2024-35255
- jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label - CVE-2022-31160
- Tags:
- npm
- jailed
Anything's wrong? Let us know Last updated on February 01, 2023