CVE-2025-53626: Src Expression Ts Cwe 79 Cve 2025 53626
greprules fetch cve-2025-53626-src-expression-ts-cwe-79-cve-2025-53626 --engine opengrep
Description
Exposing the raw global `Object` alongside other built-ins often indicates an evaluation context or sandbox creation. Passing the raw `Object` allows attackers to access reflection and prototype manipulation methods (e.g., `Object.getPrototypeOf`, `Object.getOwnPropertyDescriptor`). This can lead to sandbox escape, arbitrary code execution, or prototype poll