CVE-2022-23923 – jailed

Package

Manager: npm
Name: jailed
Vulnerable Version: >=0 <=0.3.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00142 pctl0.34995

Details

Privilege Issues in jailed All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Exported methods are stored in the application.remote object.

Metadata

Created: 2022-05-03T00:00:46Z
Modified: 2022-05-23T20:10:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-77m7-9wvw-87fx/GHSA-77m7-9wvw-87fx.json
CWE IDs: []
Alternative ID: GHSA-77m7-9wvw-87fx
Finding: F115
Auto approve: 1