Lucene search
PRIOn knowledge basePRION:CVE-2023-26122HistoryApr 11, 2023 - 5:15 a.m.
Input validation
2023-04-1105:15:00
PRIOn knowledge base
www.prio-n.com
2
safe-eval
sandbox bypass
input sanitization
remote code execution
prototype pollution
vulnerability
nvd
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation.
Exploiting this vulnerability might result in remote code execution (“RCE”).
Vulnerable functions:
defineGetter, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().
References
gist.github.com/seongil-wi/2db6cb884e10137a93132b7f74879cce
github.com/hacksparrow/safe-eval/issues/27
github.com/hacksparrow/safe-eval/issues/31
github.com/hacksparrow/safe-eval/issues/32
github.com/hacksparrow/safe-eval/issues/33
github.com/hacksparrow/safe-eval/issues/34
github.com/hacksparrow/safe-eval/issues/35
security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373064
Related
osv
osv
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
2023-04-11 06:30:29
CVE-2023-26122
2023-04-11 05:15:07
cve
cve
CVE-2023-26122
2023-04-11 05:15:07
nvd
nvd
CVE-2023-26122
2023-04-11 05:15:07
cvelist
cvelist
CVE-2023-26122
2023-04-11 05:00:02
veracode
veracode
Remote Code Execution (RCE)
2023-04-12 14:33:36
github
github
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
2023-04-11 06:30:29