simpleeval 安全漏洞

SimpleEval is a Python expression security evaluation library developed by Daniel. Versions of SimpleEval prior to 1.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of objects directly accessing dangerous modules within the sandbox through attributes. If...

Prototype Pollution

expr-eval and expr-eval-fork is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of JavaScript prototype-based inheritance in the eval interface, which allows an attacker with access to manipulate object prototypes and potentially achieve arbitrary code execution...

CVE-1999-0455

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly...

CVE-2025-13204

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

EUVD-2025-197614

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

JavaScript Expression Evaluator 安全漏洞

JavaScript Expression Evaluator is a math calculator by Matthew Crumley Personal Developer. A security vulnerability exists in JavaScript Expression Evaluator that stems from prototype contamination and could lead to the execution of arbitrary code...

Prototype Pollution

Overview org.webjars.npm:expr-eval is a WebJar for expr-eval Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access IMEMBER and user-defined functions IFUNDEF in the expression evaluator. An attacker can execute arbitrary JavaScript code by providin...

Prototype Pollution

Overview expr-eval is a Mathematical expression evaluator Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access IMEMBER and user-defined functions IFUNDEF in the expression evaluator. An attacker can execute arbitrary JavaScript code by providing...

JavaScript Expression Evaluator 安全漏洞

JavaScript Expression Evaluator is a math calculator by Matthew Crumley Personal Developer. A security vulnerability exists in JavaScript Expression Evaluator that stems from insufficient input validation and could lead to the execution of arbitrary code...

EUVD-1999-0476

Malware in sbrugna...

EUVD-2025-0127

Malicious code in bioql PyPI...

Prototype Pollution

Overview expr-eval-fork is a Mathematical expression evaluator fork with prototype pollution fix Affected versions of this package are vulnerable to Prototype Pollution via the evaluation process, which accesses global values by searching for item.value in expr.functions. An attacker can access...

Prototype Pollution

Overview expr-eval is a Mathematical expression evaluator Affected versions of this package are vulnerable to Prototype Pollution via the evaluation process, which accesses global values by searching for item.value in expr.functions. An attacker can access prototype, proto, constructor, and assig...

ComfyUI_AceNodes 安全漏洞

ComfyUIAceNodes is a utility node for ComfyUI by Kaifeng Xu, a personal developer. A security vulnerability exists in ComfyUIAceNodes, which originates when the entry point function of the ACEExpressionEval node accepts arbitrary user-controlled data, which allows the user to create a workflow th...

Medium: janino

Issue Overview: janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. CVE-2023-3354...

CVE-2023-33546

Janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by...

DEBIAN-CVE-2023-33546

Janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by...

CVE-2023-33546

Janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by...

UBUNTU-CVE-2023-33546

DISPUTED Janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disput...

Stack overflow

DISPUTED Janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disput...