
6 matches found

Gitee
added 2025/09/14 2:0 a.m. · 81 views

disable_eval

This is a Ruby gem called "disable_eval" that provides a method to protect against eval-related security vulnerabilities. The gem is designed to prevent remote code execution (RCE) attacks by disabling the eval method and its variants. The gem provides two main components: 1. A Rack middleware that...

AI score 8.1
Exploits 0
Positive Technologies
added 2025/06/29 12:0 a.m. · 1 views

PT-2025-27339 · Unknown · Position Department Service Quality Evaluation System

Name of the Vulnerable Software and Affected Versions: Conjure Position Department Service Quality Evaluation System versions up to 1.0.11 Description: A critical vulnerability has been found in the Conjure Position Department Service Quality Evaluation System. The issue affects the eval function...

CVSS 6.5 · AI score 7.1 · EPSS 0.00216
Exploits 0 · References 9
Positive Technologies
added 2024/07/18 12:0 a.m. · 2 views

PT-2024-28377 · Unknown · Calculator-Boilerplate

Name of the Vulnerable Software and Affected Versions: calculator-boilerplate version 1.0 Description: The issue is related to a remote code execution (RCE) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field. The...

CVSS 9.8 · AI score 8.3 · EPSS 0.02884
Exploits 0 · References 3
Positive Technologies
added 2020/10/05 12:0 a.m. · 3 views

PT-2020-16726

Name of the Vulnerable Software and Affected Versions: Python versions 3 through 3.9.0 Description: The issue arises from the Lib/test/multibytecodec_support.py CJK codec tests in Python, which call eval on content retrieved via HTTP. This poses a risk due to the potential for executing arbitrary...

CVSS 10 · AI score 8.7 · EPSS 0.45123
Exploits 63 · References 401
Positive Technologies
added 2020/05/07 12:0 a.m. · 2 views

PT-2020-11957 · Assa Abloy · Assa Abloy Yale Wipc-301W

Name of the Vulnerable Software and Affected Versions: ASSA ABLOY Yale WIPC-301W versions 2.x.2.29 through 2.x.2.43 p1 Description: The issue allows Eval Injection of commands. Recommendations: For versions 2.x.2.29 through 2.x.2.43 p1, consider disabling the eval function as a temporary workarou...

CVSS 10 · AI score 7.4 · EPSS 0.00453
Exploits 1 · References 5
Positive Technologies
added 2019/12/22 12:0 a.m. · 2 views

PT-2019-16009 · Exim +1 · Sa-Exim +1

Name of the Vulnerable Software and Affected Versions: sa-exim version 4.2.1 Description: The issue allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature...

CVSS 9 · AI score 7.2 · EPSS 0.03064
Exploits 0 · References 20