Name of the Vulnerable Software and Affected Versions sandbox (affected versions not specified)

Description The issue allows for Sandbox Escape, leading to Remote Code Execution. It is caused by the failure to restrict access to the main context through this.constructor.constructor. This could enable attackers to execute arbitrary code in the system. For example, evaluating the payload this.constructor.constructor('return process.env')() can print the contents of process.env.

Recommendations Consider using an alternative package until a fix is made available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.