Home > Vulnerability Database > CVE-2023-26919

Mend.io Vulnerability Database

CVE-2023-26919

Date: April 9, 2023

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.

Language: Java

Severity Score

7.2

Related Resources (3)

Url: https://github.com/javadelight/delight-nashorn-sandbox/issues/135

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-26919

Url: https://www.mend.io/vulnerability-database/CVE-2023-26919

Severity Score

7.2

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-26919

Date: April 9, 2023

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?