@anthropic-ai/sandbox-runtime is vulnerable to Improper Access Control
52
Medium Risk
The sandbox routes restricted processes through loopback HTTP and SOCKS proxies that listen on 127.0.0.1 and enforce the configured network policy. These proxies require no authentication, so any local process can dial them and reach the proxy and its filter callback, undermining the intended per-session network isolation. The fix requires a per-session token (Basic auth for HTTP and SOCKS5 user/password for SOCKS) that is generated at init and exported only into the sandboxed child process environment. It also lets deniedDomains accept a bare "*" as a deny-all rule and adds a strictAllowlist mode that blocks off-allowlist hosts without falling back to the ask callback.
You are affected if you are using a version that falls within the vulnerable range and you rely on the sandbox's network restrictions to isolate untrusted processes.
@anthropic-ai/sandbox-runtime is vulnerable to Improper Access Control in versions 0.0.1 - 0.0.54.
Upgrade the @anthropic-ai/sandbox-runtime library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant