2444 matches found
GHSA-9PC2-X9QF-7J2Q org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability
Impact Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the...
org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability
Impact Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the...
Remote Code Execution (RCE)
safe-eval is vulnerable to Sandbox Bypass. The vulnerability exists due to improper input sanitization, which allows an attacker to execute arbitrary code on the system...
@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2023-26122 via safe-eval (>=0.2.0 <=0.4.1)
safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2023-26122 Source advisory: OSV:GHSA-79XF-67R4-Q2JJ...
GHSA-HCG3-56JF-X4VH safe-eval vulnerable to Prototype Pollution via the safeEval function
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content...
@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2023-26121 via safe-eval (>=0.2.0 <=0.4.1)
safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2023-26121 Source advisory: OSV:GHSA-HCG3-56JF-X4VH...
GHSA-79XF-67R4-Q2JJ safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution RCE. Vulnerable functions: defineGetter, stack,...
safe-eval vulnerable to Prototype Pollution via the safeEval function
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content...
CVE-2023-26122
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution "RCE". Vulnerable functions: defineGetter, stack,...
CVE-2023-26121
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content...
Input validation
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution "RCE". Vulnerable functions: defineGetter, stack,...
CVE-2023-26122
The CVE-2023-26122 entry concerns the package safe-eval and describes a Sandbox Bypass caused by improper input sanitization that enables prototype pollution. Affected component/function surface includes defineGetter, stack(), toLocaleString(), propertyIsEnumerable.call(), and valueOf(). The vul...
CVE-2023-26121
CVE-2023-26121 affects the npm package safe-eval (all versions). The issue is a Prototype Pollution in the safeEval function caused by improper sanitization of its parameter content. This vulnerability is described across multiple connected sources as affecting all versions, with high/critical im...
PT-2023-20502 · Safe-Eval · Safe-Eval
Name of the Vulnerable Software and Affected Versions: safe-eval versions all Description: The issue arises from improper sanitization of the parameter content in the safeEval function, leading to Prototype Pollution. This affects all versions of the safe-eval package. Recommendations: For all...
safe-eval security vulnerability
safe-eval is a safer version of the eval function by the individual developer Hage Yaapa. safe-eval has a security vulnerability that stems from improper sanitization of input...