4 matches found
@ajaxlinux/tools (>=1.1.2 <=1.1.7), @autorest/powershell (>=2.0.295 <=2.0.315) +239 more potentially affected by CVE-2017-16088 via safe-eval (>=0.2.0 <=0.3.0)
safe-eval NPM version =0.2.0, =1.1.2, =2.0.295, =2.0.4, =2.0.142, =3.0.136, =3.0.142, =4.0.149, =3.0.129, =1.2.9, =1.1.4, =0.0.34, =0.1.0 and more Source cves: CVE-2017-16088 Source advisory: OSV:GHSA-WW6V-677G-P656...
CVE-2017-16088
creationtimestamp| type| source ---|---|--- 2018-07-18 18:28:10+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-ww6v-677g-p656...
CVE-2017-16088
The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox...
CVE-2017-16088
CVE-2017-16088 affects the npm package safe-eval, where un-sanitized input can access Function/constructor.CREATE and escape the sandbox, potentially enabling arbitrary code execution. Documents show a sandbox breakout via the process object and evaluation of process.exit(), confirming an RCE-lik...