CVE-2022-23923: Privilege Issues in jailed
All versions of the package jailed are vulnerable to Sandbox Bypass via an exported alert() method, which can access the main application. Exported methods are stored in the application.remote object.