Description

A prototype pollution vulnerability exists in @nyariv/sandboxjs versions <= 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service (DoS) condition or, under certain conditions, escape the sandboxed environment intended to restrict code execution. The vulnerability stems from insufficient prototype access checks in the sandbox’s executor logic, particularly in the handling of JavaScript function objects returned.

INFO

Published Date :

2025-07-31T14:59:35.716Z

Last Modified :

2026-03-23T15:43:39.312Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2025-34146 vulnerability.

Vendors Products
Nyariv
  • Sandboxjs
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-34146.

URL Resource
https://gist.github.com/Hagrid29/9df27829a491080f923c4f6b8518d7e3 cve-icon cve-icon
https://github.com/nyariv/SandboxJS/issues/31 cve-icon cve-icon
https://www.npmjs.com/package/@nyariv/sandboxjs cve-icon cve-icon
https://www.vulncheck.com/advisories/nyariv-sandboxjs-prototype-pollution-sandbox-escape-dos cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability