SandboxJS JavaScript sandboxing library contains a vulnerability in versions prior to 0.9.6 where sandbox-defined functions expose Function.caller, allowing sandboxed code to recover internal runtime callbacks. Attackers can exploit this to invoke callbacks with fake context and object values to extract blocked host statics, recover the real host Function constructor, and execute arbitrary host JavaScript code. This represents a complete sandbox escape vulnerability that allows malicious code to break out of the intended security boundaries. The vulnerability is fixed in version 0.9.6.