CVE-2026-25641
SandboxJS · SandboxJS
SandboxJS is vulnerable to an escape due to a key validation mismatch. Attackers can use malicious objects that coerce to different strings during sanitization versus actual property access.
Executive summary
A critical logic flaw in SandboxJS property validation allows unauthenticated attackers to escape the sandbox and execute arbitrary commands on the host.
Vulnerability
The sandbox fails to enforce string types for property keys. An unauthenticated attacker can pass objects that return one value during the hasOwnProperty check and a different value during actual access, bypassing security sanitization.
Business impact
This vulnerability allows an attacker to bypass all property-based security restrictions, leading to a full sandbox escape. The CVSS score of 10.0 highlights the extreme risk of host-level exploitation, data theft, and total loss of system integrity.
Remediation
Immediate Action: Upgrade SandboxJS to version 0.8.29 to ensure strict type enforcement and consistent key validation during property access.
Proactive Monitoring: Monitor for the use of complex objects as property keys within scripts processed by the sandbox.
Compensating Controls: Implement a secondary layer of validation at the application level to sanitize all inputs before they are passed to the SandboxJS library.
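The consistent key validation named under Remediation, shown as an added example (not SandboxJS source and not part of the advisory): a property guard that accepts only primitive keys and then checks and accesses with that same value, next to the check-then-use pattern described under Vulnerability. The blocklist, the function names and the test key are all hypothetical.

```javascript
'use strict';
// Added illustration, not SandboxJS code. Blocklist and names are assumptions.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Weak pattern: the key is coerced to a string once for the check and again,
// independently, at the property access, so the two results can disagree.
function unsafeGet(obj, key) {
  if (BLOCKED_KEYS.has(String(key))) throw new TypeError('blocked property');
  return obj[key]; // second coercion of `key`
}

// Hardened: only primitive keys are accepted, so nothing can run user code
// during coercion. Numbers are converted exactly once.
function toPropertyKey(key) {
  const t = typeof key;
  if (t === 'string' || t === 'symbol') return key;
  if (t === 'number') return String(key);
  throw new TypeError(`property key must be a primitive, got ${t}`);
}

// The value that was validated is the value that is used for the access.
function safeGet(obj, key) {
  const k = toPropertyKey(key);
  if (BLOCKED_KEYS.has(k)) throw new TypeError('blocked property');
  if (!Object.prototype.hasOwnProperty.call(obj, k)) return undefined;
  return obj[k];
}

// Constructed regression input: a key whose string form changes between calls.
function makeUnstableKey(first, later) {
  let calls = 0;
  return { toString() { return calls++ === 0 ? first : later; } };
}

function demo() {
  const target = { name: 'ok' };
  // Check sees "name", access resolves "constructor" through the prototype.
  const mismatch = unsafeGet(target, makeUnstableKey('name', 'constructor')) === Object;
  let rejected = false;
  try {
    safeGet(target, makeUnstableKey('name', 'constructor'));
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  return { mismatch, rejected, normal: safeGet(target, 'name') };
}
```

A rejected non-primitive key is also a useful log event for the monitoring item above, since ordinary scripts rarely index with objects.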
Exploitation status
Public Exploit Available: No
Analyst recommendation
Due to the critical nature of this escape mechanism, immediate patching is mandatory. Organizations should update to version 0.8.29 to close this logic gap and maintain the security of their sandboxed operations.