Sandbox Breakout in safe-eval

Affected versions of safe-eval are vulnerable to a sandbox escape. By accessing object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

Proof of Concept:

This code accesses the process object and calls .exit()

var safeEval = require('safe-eval');
safeEval("this.constructor.constructor('return process')().exit()");

Recommendation

Update to version 0.4.0 or later