SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to AsyncFunction not being isolated in SandboxFunction. The library attempts to sandbox code execution by replacing the global Function constructor with a safe, sandboxed version (SandboxFunction).

This is handled in utils.ts by mapping Function to sandboxFunction within a map used for lookups. However, before version 0.8.26, the library did not include mappings for AsyncFunction, GeneratorFunction, and AsyncGeneratorFunction. These constructors are not global properties but can be accessed via the .constructor property of an instance (e.g., (async () => {}).constructor).

In executor.ts, property access is handled. When code running inside the sandbox accesses .constructor on an async function (which the sandbox allows creating), the executor retrieves the property value. Since AsyncFunction was not in the safe-replacement map, the executor returns the actual native host AsyncFunction constructor.

Constructors for functions in JavaScript (like Function, AsyncFunction) create functions that execute in the global scope. By obtaining the host AsyncFunction constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability.