
Bentamam

#42572 of 53,632
6.3 Total CVSS
Vulnerabilities · 1
PT-2026-44980
6.3
2026-05-29
Fastgpt · Fastgpt · CVE-2026-44287
**Name of the Vulnerable Software and Affected Versions**

FastGPT versions prior to 4.15.0-beta1

**Description**

The JavaScript sandbox worker fails to block dynamic `import()` calls because the check relies on an insufficient regular expression. The check `/\bimport\s*\(/.test(code)` only allows whitespace between the `import` keyword and the opening parenthesis, so a block comment placed there is not recognised. An attacker can use a payload such as `import/**/("child_process")` to bypass the check. Since `import()` is a language construct rather than a call to `require`, it is not intercepted by the `safeRequire` Proxy, which only wraps `require`. The payload can therefore load the `child_process` module and call `execSync()`, leading to arbitrary command execution as `uid=100(sandbox)` inside the sandbox container.

**Recommendations**

Update to version 4.15.0-beta1.
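The following is an added example written for this entry; it is not FastGPT's code and does not reproduce the project's fix. It puts the weak regex from the advisory next to a token-based check that skips comments, string literals and template literals before looking for the `import` keyword followed by `(`. The function names `weakCheckBlocks`, `tokenize` and `containsDynamicImport` and the sample payloads are illustrative.

```javascript
// Added example (not FastGPT's code): the advisory's weak check beside a
// token-based replacement that is not fooled by comments between
// `import` and `(`.

// The check described in the advisory: whitespace may separate `import`
// from `(`, but a comment in that position is not recognised.
const WEAK_IMPORT_RE = /\bimport\s*\(/;

function weakCheckBlocks(code) {
  return WEAK_IMPORT_RE.test(code);
}

// Minimal scanner: returns identifier and punctuation tokens, skipping
// whitespace, line/block comments, string literals and template literals
// (descending into `${...}` expressions). Regex literals are not modelled;
// their contents are scanned as ordinary tokens, which can only cause a
// false positive (over-blocking), never a bypass.
function tokenize(code) {
  const tokens = [];
  const n = code.length;
  let i = 0;

  function skipString(quote) {          // i points at the opening quote
    i++;
    while (i < n && code[i] !== quote) {
      if (code[i] === '\\') i++;        // skip the escaped character
      i++;
    }
    i++;                                // closing quote
  }

  function skipTemplate() {             // i points at the opening backtick
    i++;
    while (i < n && code[i] !== '`') {
      if (code[i] === '\\') { i += 2; continue; }
      if (code[i] === '$' && code[i + 1] === '{') {
        i += 2;
        scan(true);                     // tokenize the embedded expression
        continue;
      }
      i++;
    }
    i++;
  }

  function scan(inTemplateExpr) {
    let depth = 0;
    while (i < n) {
      const c = code[i];
      if (/\s/.test(c)) { i++; continue; }
      if (c === '/' && code[i + 1] === '/') {        // line comment
        while (i < n && code[i] !== '\n') i++;
        continue;
      }
      if (c === '/' && code[i + 1] === '*') {        // block comment
        const end = code.indexOf('*/', i + 2);
        i = end === -1 ? n : end + 2;
        continue;
      }
      if (c === '"' || c === "'") { skipString(c); continue; }
      if (c === '`') { skipTemplate(); continue; }
      if (/[A-Za-z_$]/.test(c)) {                    // identifier / keyword
        let j = i + 1;
        while (j < n && /[\w$]/.test(code[j])) j++;
        tokens.push(code.slice(i, j));
        i = j;
        continue;
      }
      if (inTemplateExpr) {                          // find the matching '}'
        if (c === '{') depth++;
        if (c === '}') {
          if (depth === 0) { i++; return; }
          depth--;
        }
      }
      tokens.push(c);
      i++;
    }
  }

  scan(false);
  return tokens;
}

// Hardened check: `import` immediately followed by `(` in the token stream,
// regardless of whitespace or comments between them in the source text.
function containsDynamicImport(code) {
  const t = tokenize(code);
  return t.some((tok, k) => tok === 'import' && t[k + 1] === '(');
}

// Constructed payloads for illustration.
const payloads = [
  'import("child_process")',
  'import/**/("child_process")',
  'import // comment\n("child_process")',
  '`${import("child_process")}`',
  'const s = "import(";',   // string only; should not be flagged
  'require("fs")',
];
for (const p of payloads) {
  console.log(JSON.stringify(p), 'weak:', weakCheckBlocks(p), 'token:', containsDynamicImport(p));
}
```

The comment payload from the advisory passes the regex but is caught by the token-based check; the string-only sample shows the regex also over-blocks legitimate code. A syntax-level check like this is still only a filter: the dependable control is to run untrusted code where dynamic `import()` is not available at all, rather than to recognise every way of spelling it.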