SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being…
GitHub_M·CWE-94·Published 2026-01-27
SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability.
SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability.
### Summary A sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction` ### Details The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). ### PoC ```js const sandbox = require('@nyariv/sandboxjs'); const s = new sandbox.default(); const payload = ` const af = async () => {}; // .constructor returns the host AsyncFunction constructor because it's not intercepted const AsyncConstructor = af.constructor; console.log("AsyncConstructor name:", AsyncConstructor.name); // Create a function that executes outside the sandbox const func = AsyncConstructor("return process.mainModule.require('child_process').execSync('id').toString()"); // Execute RCE const p = func(); p.then(proc => { console.log(proc); }); `; try { s.compile(payload)().run(); } catch (e) { console.error("Bypass failed:", e.message); } ``` Run above script in nodejs. If you run it in browser, change the `AsyncConstructor` argument by returning `window` object. ### Impact A Remote Code Execution, attacker may be able to run an arbitrary code.
### Summary A sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction` ### Details The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). ### PoC ```js const sandbox = require('@nyariv/sandboxjs'); const s = new sandbox.default(); const payload = ` const af = async () => {}; // .constructor returns the host AsyncFunction constructor because it's not intercepted const AsyncConstructor = af.constructor; console.log("AsyncConstructor name:", AsyncConstructor.name); // Create a function that executes outside the sandbox const func = AsyncConstructor("return process.mainModule.require('child_process').execSync('id').toString()"); // Execute RCE const p = func(); p.then(proc => { console.log(proc); }); `; try { s.compile(payload)().run(); } catch (e) { console.error("Bypass failed:", e.message); } ``` Run above script in nodejs. If you run it in browser, change the `AsyncConstructor` argument by returning `window` object. ### Impact A Remote Code Execution, attacker may be able to run an arbitrary code.
SandboxJS es una librería de sandboxing de JavaScript. Las versiones anteriores a la 0.8.26 tienen una vulnerabilidad de escape de sandbox debido a que `AsyncFunction` no está aislada en `SandboxFunction`. La librería intenta aplicar un sandbox a la ejecución de código reemplazando el constructor global `Function` con una versión segura y con sandbox (`SandboxFunction`). Esto se maneja en `utils.ts` mapeando `Function` a `sandboxFunction` dentro de un mapa utilizado para búsquedas. Sin embargo, antes de la versión 0.8.26, la librería no incluía mapeos para `AsyncFunction`, `GeneratorFunction` y `AsyncGeneratorFunction`. Estos constructores no son propiedades globales, pero se puede acceder a ellos a través de la propiedad `.constructor` de una instancia (por ejemplo, `(async () => {}).constructor`). En `executor.ts`, se maneja el acceso a propiedades. Cuando el código que se ejecuta dentro del sandbox accede a `.constructor` en una función asíncrona (que el sandbox permite crear), el `executor` recupera el valor de la propiedad. Dado que `AsyncFunction` no estaba en el mapa de reemplazo seguro, el `executor` devuelve el constructor `AsyncFunction` nativo real del host. Los constructores para funciones en JavaScript (como `Function`, `AsyncFunction`) crean funciones que se ejecutan en el ámbito global. Al obtener el constructor `AsyncFunction` del host, un atacante puede crear una nueva función asíncrona que se ejecuta completamente fuera del contexto del sandbox, eludiendo todas las restricciones y obteniendo acceso total al entorno del host (ejecución remota de código). La versión 0.8.26 corrige esta vulnerabilidad.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 10.0 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | Primary | cve.org | 10.0 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | Secondary | NVD | 10.0 | 3.9 | 6.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | Secondary | GHSA | 10.0 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |