{"id":"RUSTSEC-2024-0403","summary":"op_panic in the base runtime can force a panic in the runtime's containing thread","details":"Affected versions use deno_core releases that expose `Deno.core.ops.op_panic` to the JS runtime in the base core\n\nThis function when called triggers a manual panic in the thread containing the runtime, breaking sandboxing\n\nIt can be fixed by stubbing out the exposed op:\n```javascript\nDeno.core.ops.op_panic = (msg) =\u003e { throw new Error(msg) };\n```","aliases":["GHSA-4mw5-2636-4535"],"modified":"2025-10-28T06:29:23.047131Z","published":"2024-07-18T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/js-sandbox"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0403.html"},{"type":"REPORT","url":"https://github.com/Bromeon/js-sandbox/issues/31"}],"affected":[{"package":{"name":"js-sandbox","ecosystem":"crates.io","purl":"pkg:cargo/js-sandbox"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"functions":[],"os":[],"arch":[]},"affected_functions":null},"database_specific":{"cvss":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0403.json","categories":["denial-of-service"],"informational":null}}],"schema_version":"1.7.3"}