- Reported
-
- Issued
-
- Package
-
js-sandbox
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- References
-
- Patched
-
no patched versions
Description
Affected versions use deno_core releases that expose Deno.core.ops.op_panic to the JS runtime in the base core
This function when called triggers a manual panic in the thread containing the runtime, breaking sandboxing
It can be fixed by stubbing out the exposed op:
Deno.core.ops.op_panic = (msg) => { throw new Error(msg) };
Advisory available under CC0-1.0
license.