CVE-2023-26919: When allowExitFunctions is set to false, we can use the loadWithNewGlobal function to invoke the exit and quit methods to exit the Java process. · Issue #135 · javadelight/delight-nashorn-sandbox
delight-nashorn-sandbox 0.2.4 and 0.2.5 are vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.
The load function is very powerful. Therefore it is disabled by default.
However, enabling the load function will allow overriding the security defaults. Therefore, it would be recommended to NOT enable the load function.
I don’t think it will be possible to protect the context introduced in the new scripts created with the load function.
As said, the solution for this exposure not to occur is simply not to allow the load function.
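A source audit for the configuration discussed above, as an added example that is not part of the original issue or the project's code: it flags Java code that calls `allowLoadFunctions(true)` and notes when the same file relies on `allowExitFunctions(false)`. The function name `audit_sandbox_config` and the sample source are constructed for illustration.

```python
import re

# Java block and line comments; matched so commented-out calls are ignored.
_COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
# Calls to the two sandbox settings named in the issue, with a literal argument.
_CALL = re.compile(
    r"\.\s*(allowLoadFunctions|allowExitFunctions)\s*\(\s*(true|false)\s*\)")


def audit_sandbox_config(java_source):
    """Return [(line_number, message)] for each allowLoadFunctions(true) call."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    # Limitation: "//" inside a string literal is treated as a comment start.
    code = _COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), java_source)
    calls = [(m.group(1), m.group(2), code.count("\n", 0, m.start()) + 1)
             for m in _CALL.finditer(code)]
    exit_blocked = any(n == "allowExitFunctions" and v == "false"
                       for n, v, _ in calls)
    findings = []
    for name, value, line in calls:
        if name == "allowLoadFunctions" and value == "true":
            msg = ("allowLoadFunctions(true): load functions can override "
                   "the sandbox security defaults")
            if exit_blocked:
                msg += ("; allowExitFunctions(false) in this file can be "
                        "bypassed via loadWithNewGlobal (CVE-2023-26919)")
            findings.append((line, msg))
    return findings


# Constructed sample input, not taken from any real code base.
SAMPLE_RISKY = '''\
NashornSandbox sandbox = NashornSandboxes.create();
// sandbox.allowLoadFunctions(true);  (commented out, must be ignored)
sandbox.allowExitFunctions(false);
sandbox
    .allowLoadFunctions( true );
'''

SAMPLE_DEFAULTS = '''\
NashornSandbox sandbox = NashornSandboxes.create();
sandbox.allowExitFunctions(false);
'''

if __name__ == "__main__":
    for line, msg in audit_sandbox_config(SAMPLE_RISKY):
        print(f"line {line}: {msg}")
```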