2444 matches found
safe-eval Security Vulnerability
safe-eval is a safer version of the eval function from individual developer Hage Yaapa. safe-eval has a security vulnerability that stems from improper sanitization of the safeEval function's parameter, leading to prototype pollution...
Arbitrary Command Execution
pullit is vulnerable to Arbitrary Command Execution. The vulnerability exists in index.js due to an insecure use of the eval function which allows an attacker to inject and execute arbitrary commands...
CVE-2018-25083
The CVE-2018-25083 issue affects the pullit package for Node.js, before version 1.4.0. The root cause is the use of eval on an attacker-supplied Git branch name, enabling OS command injection. Impact is high across confidentiality, integrity, and availability (per CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:...
@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2023-26122 via safe-eval (>=0.2.0 <=0.4.1)
safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2023-26122 Source advisory: SNYK:JS-SAFEEVAL-3373064...
Sandbox Bypass
Overview: safe-eval is a safer version of eval. Affected versions of this package are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution "RCE"...
@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2023-26121 via safe-eval (>=0.2.0 <=0.4.1)
safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2023-26121 Source advisory: SNYK:JS-SAFEEVAL-3373062...
Prototype Pollution
Overview: safe-eval is a safer version of eval. Affected versions of this package are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content. PoC js var safeEval = require'safe-eval' let code = function Error.prepareStackTrace = , c = c.ma...
CVE-2023-0888 Authenticated eval injection in B. Braun Space Battery pack SP with Wi-Fi
An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device...
org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection
Impact: Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an XWiki.UIExtensionClass xobject to the user profil...
GHSA-QXJG-JHGW-QHRV org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection
Impact: Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an XWiki.UIExtensionClass xobject to the user profil...
CVE-2023-0089
The webutils in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below...
CVE-2023-0090
The webservices in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all...
CVE-2023-0089
The webutils in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below...
CVE-2023-0090
The webservices in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all...
Remote code execution
The webutils in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below...
Remote code execution
The webservices in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all...
CVE-2023-0090 Proofpoint Enterprise Protection webservices unauthenticated RCE
The webservices in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all...
CVE-2023-0090
Proofpoint Enterprise Protection (PPS/POD) webservices are affected by CVE-2023-0090: an anonymous user can trigger remote code execution via eval injection, requiring network access to the webservices API (non-default configuration) and impacting all versions 8.20.0 and below. Exploitation detai...
CVE-2023-0089 Proofpoint Enterprise Protection webutils authenticated RCE
The webutils in Proofpoint Enterprise Protection PPS/POD contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below...
CVE-2023-0089
CVE-2023-0089 affects Proofpoint Enterprise Protection (PPS/POD) webutils. An authenticated user can execute remote code through an eval injection vulnerability, impacting all versions ≤ 8.20.0. The issue arises in the webutils component of PPS/POD, enabling high-severity impact (C, I, A: High) a...