CVE-2023-26919

Source
https://cve.org/CVERecord?id=CVE-2023-26919
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26919.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-26919
Published
2023-04-10T00:00:00Z
Modified
2026-07-15T01:48:51.207904849Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L CVSS Calculator
Summary
[none]
Details

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26919.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/javadelight/delight-nashorn-sandbox

Affected ranges

Type
GIT
Repo
https://github.com/javadelight/delight-nashorn-sandbox
Events
Database specific
{
    "cpe": "cpe:2.3:a:javadelight:nashorn_sandbox:0.2.4:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.2.4"
        },
        {
            "last_affected": "0.2.4"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

0.*
0.2.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26919.json"