Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
All versions of the package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.
Versions of realms-shim are vulnerable to a Sandbox Breakout. The Realms evaluation function has an option to apply Babel-like transformations to the source code before it reaches the evaluator. One portion of this transform pipeline exposed a primal-Realm object to the rewriting function. Confined code which used the evaluator itself could provide a malicious rewriter function that captured this object, and use it to breach the sandbox. Upgrade to or …
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in realms-shim.