@nyariv SandboxJS Prototype Pollution Vulnerability Allowing Sandbox Escape and Potential Remote Code Execution
Vulnerability
A vulnerability in @nyariv/sandboxjs prior to version 0.8.31 allows sandboxed code to escape restrictions and modify host built-in prototypes. This is achieved by manipulating the 'isGlobal' protection flag through array literal intermediaries. When a global prototype reference is placed in an array and retrieved, the 'isGlobal' taint is removed, enabling direct mutation of the prototype from within the sandbox. This leads to persistent prototype pollution in the host environment and could allow remote code execution in applications that utilize the polluted properties in sensitive contexts.
Impact
Exploitation of this vulnerability allows for a sandbox escape, where untrusted code can modify host prototypes, disrupting the isolation provided by the sandbox. This alteration can be leveraged to execute arbitrary code in the host environment, particularly if the modified properties are used in critical application functions.
Reproduction
To reproduce this vulnerability, first create a new instance of the SandboxJS sandbox. Then, compile and run a script that accesses a global prototype, such as Map or Set, through an array. The 'isGlobal' protection will be stripped, allowing for mutation of the prototype. After modifying the prototype, demonstrate the pollution by accessing the altered property, showing that the change persists. Finally, execute a command using the polluted property to illustrate the remote code execution aspect.
Remediation
Users are advised to update to version 0.8.31 or later, where this vulnerability has been patched.
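A host-side integrity check that complements the upgrade, added here as an example and not part of the advisory or of SandboxJS itself: it snapshots the own property descriptors of the built-in prototypes the advisory names (Map, Set) plus a few other common ones before untrusted code runs, reports any addition, removal or change afterwards, and offers a freeze for hosts that cannot upgrade immediately. The names WATCHED, snapshotPrototypes, diffPrototypes and freezePrototypes are assumptions of this example, and the pollution it is exercised against is a plain constructed assignment, not the sandbox escape.

```javascript
// Added example, not SandboxJS code. Detects persistent pollution of host
// built-in prototypes after running untrusted code in-process.

// Prototypes to watch: the advisory names Map and Set; the rest are common targets.
const WATCHED = [
  ['Object.prototype', Object.prototype],
  ['Array.prototype', Array.prototype],
  ['Function.prototype', Function.prototype],
  ['Map.prototype', Map.prototype],
  ['Set.prototype', Set.prototype],
];

// Record every own key (strings and symbols) of each prototype with its descriptor.
function snapshotPrototypes(targets = WATCHED) {
  const snap = new Map();
  for (const [name, proto] of targets) {
    const descs = new Map(
      Reflect.ownKeys(proto).map(k => [k, Object.getOwnPropertyDescriptor(proto, k)]));
    snap.set(name, descs);
  }
  return snap;
}

// Two descriptors are equivalent when value/getter/setter identity and flags all match.
function sameDescriptor(a, b) {
  return a.value === b.value && a.get === b.get && a.set === b.set &&
    a.writable === b.writable && a.enumerable === b.enumerable &&
    a.configurable === b.configurable;
}

// Compare the current state against a baseline; returns "<verb> <proto>.<key>" findings.
// A non-empty result means the host environment was mutated by guest code.
function diffPrototypes(baseline, targets = WATCHED) {
  const now = snapshotPrototypes(targets);
  const findings = [];
  for (const [name, before] of baseline) {
    const after = now.get(name);
    for (const k of new Set([...before.keys(), ...after.keys()])) {
      const label = `${name}.${String(k)}`;
      if (!before.has(k)) findings.push(`added ${label}`);
      else if (!after.has(k)) findings.push(`removed ${label}`);
      else if (!sameDescriptor(before.get(k), after.get(k))) findings.push(`changed ${label}`);
    }
  }
  return findings;
}

// Hardening for hosts that cannot upgrade yet: frozen prototypes reject new or
// changed properties (throwing in strict mode), so pollution cannot persist.
function freezePrototypes(targets = WATCHED) {
  for (const [, proto] of targets) Object.freeze(proto);
}
```

Take the baseline once at startup, run the guest code, then call diffPrototypes and treat any finding as a compromised process rather than trying to repair the prototype in place.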
