
CVE-2023-39532 – SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
https://notcve.org/view.php?id=CVE-2023-39532
08 Aug 2023 — SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In versions 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code, depending on the configuration and implementation of the surrounding host. Guest program running... • https://github.com/endojs/endo/commit/fc90c6429604dc79ce8e3355e236ccce2bada041 • CWE-20: Improper Input Validation •

CVE-2021-23543 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2021-23543
07 Jan 2022 — All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. • https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309908 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2021-23594 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2021-23594
07 Jan 2022 — All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. • https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309907 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •