Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.javadelight/delight-nashorn-sandbox@0.2.5

Type maven

Namespace org.javadelight

Name delight-nashorn-sandbox

Version 0.2.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.3.0

Latest_non_vulnerable_version 0.3.1

Affected_by_vulnerabilities

url VCID-j1uq-yven-wugz

vulnerability_id VCID-j1uq-yven-wugz

summary

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-26919

reference_id

reference_type

scores

value	0.00661
scoring_system	epss
scoring_elements	0.71489
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26919

reference_url	https://github.com/javadelight/delight-nashorn-sandbox/issues/135
reference_id
reference_type
scores
url	https://github.com/javadelight/delight-nashorn-sandbox/issues/135

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-26919
reference_id	CVE-2023-26919
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-26919

fixed_packages

url	pkg:maven/org.javadelight/delight-nashorn-sandbox@0.3.0
purl	pkg:maven/org.javadelight/delight-nashorn-sandbox@0.3.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.javadelight/delight-nashorn-sandbox@0.3.0

aliases CVE-2023-26919

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1uq-yven-wugz

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.javadelight/delight-nashorn-sandbox@0.2.5

Package Instance