An unauthenticated attacker can escape the SandboxJS environment by exploiting insecure access to the Map prototype, leading to full host system compromise.

Because the Map object is categorized under SAFE_PROTOTYPES, its prototype is exposed within the sandbox. An unauthenticated attacker can overwrite Map.prototype.has to bypass internal logic and escape the restricted execution environment.

Successful exploitation results in an escape to the host environment, allowing for arbitrary code execution. The CVSS score of 10.0 indicates that this vulnerability poses a maximum threat to the organization, as it allows for complete unauthorized control over the application server.

Immediate Action: Update SandboxJS to version 0.8.29 immediately to secure the SAFE_PROTOTYPES definitions and prevent prototype overwriting.

Proactive Monitoring: Review and log all modifications to global object prototypes within the sandboxed environment to detect early signs of escape attempts.

Compensating Controls: Utilize runtime monitoring tools that can detect and block unauthorized system calls or suspicious process spawning from the application.

Public Exploit Available: No

The reliance on a trusted prototype for sandbox escape makes this a high-priority fix. Organizations must apply the 0.8.29 update immediately to ensure that sandboxed code cannot interfere with the host's execution flow.