CVE-2023-26919

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-26919

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-26919.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-26919

Published

2023-04-10T16:15:07.200Z

Modified

2025-11-15T06:21:51.964887Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.

References

https://github.com/javadelight/delight-nashorn-sandbox/issues/135

Affected packages

Git / github.com/javadelight/delight-nashorn-sandbox

Affected ranges

Type: GIT
Repo: https://github.com/javadelight/delight-nashorn-sandbox
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c08018ccd795668d3c12cfcd0d57c08eab9eb6aa

Affected versions

0.*

0.0.4

0.0.5

0.0.6

0.1.12

0.1.13

0.1.15

0.1.18

0.2.0

0.2.3

0.2.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-26919.json"