{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T21:42:26.317","vulnerabilities":[{"cve":{"id":"CVE-2026-25142","sourceIdentifier":"security-advisories@github.com","published":"2026-02-02T23:16:09.440","lastModified":"2026-02-18T14:34:30.523","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is fixed in 0.8.27."},{"lang":"es","value":"SandboxJS es una biblioteca de sandboxing de JavaScript. Antes de la versión 0.8.27, SandboxJS no restringe adecuadamente __lookupGetter__, que puede usarse para obtener prototipos, lo que puede usarse para escapar del sandbox / ejecución remota de código. Esta vulnerabilidad está corregida en la versión 0.8.27."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nyariv:sandboxjs:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.8.27","matchCriteriaId":"0B7FD7B0-0F36-4201-9F29-513F12B3DC25"}]}]}],"references":[{"url":"https://github.com/nyariv/SandboxJS/blob/f212a38fb5a6d4bc2bc2e2466c0c011ce8d41072/src/executor.ts#L368-L398","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/nyariv/SandboxJS/commit/75c8009db32e6829b0ad92ca13bf458178442bd3","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nyariv/SandboxJS/security/advisories/GHSA-9p4w-fq8m-2hp7","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}