72 matches found
CVE-2022-25904
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...
CVE-2022-25904 Prototype Pollution
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...
Buffer overflow
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...
safe-eval 安全漏洞
safe-eval is a safer version of the eval function from the Hage Yaapa Personal Developer. safe-eval suffers from a security vulnerability that stems from susceptibility to prototype contamination, which allows an attacker to add or modify properties of Object.prototype.Consolidate when using the...
PT-2022-17597 · Safe-Eval · Safe-Eval
Name of the Vulnerable Software and Affected Versions: safe-eval versions all Description: The issue allows an attacker to add or modify properties of the Object.prototype through Prototype Pollution when using the function safeEval. This is due to the function's use of the vm variable, enabling ...
@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2022-25904 via safe-eval (>=0.2.0 <=0.4.1)
safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2022-25904 Source advisory: SNYK:JS-SAFEEVAL-3175701...
Prototype Pollution
Overview safe-eval is a Safer version of eval Affected versions of this package are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading a...
@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by unknown CVE via safe-eval (>=0.2.0 <=0.4.1)
safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9PCF-H8Q9-63F6...
Sandbox Breakout / Arbitrary Code Execution in safe-eval
All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload chaining a function's callee and caller constructors can escape the sandbox and execute arbitrary code. For example, the payload = const targetKey = Object.keysthis0; Object.definePropertythis,...
GHSA-9PCF-H8Q9-63F6 Sandbox Breakout / Arbitrary Code Execution in safe-eval
All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload chaining a function's callee and caller constructors can escape the sandbox and execute arbitrary code. For example, the payload = const targetKey = Object.keysthis0; Object.definePropertythis,...
@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2020-7710 via safe-eval (>=0.2.0 <=0.4.1)
safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2020-7710 Source advisory: OSV:GHSA-HRPQ-R399-WHGW...
Sandbox Breakout / Arbitrary Code Execution in safe-eval
All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through Error objects. This may allow attackers to execute arbitrary code in the system. Evaluating the payload js function var ex = new Error...
GHSA-HRPQ-R399-WHGW Sandbox Breakout / Arbitrary Code Execution in safe-eval
All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through Error objects. This may allow attackers to execute arbitrary code in the system. Evaluating the payload js function var ex = new Error...
Remote Code Execution (RCE)
safe-eval is vulnerable to remote code execution RCE. The application does not properly sanitize user input, allowing a malicious user to execute arbitrary commands...
CVE-2020-7710
This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine...
CVE-2020-7710
This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine...
CVE-2020-7710
CVE-2020-7710 affects all versions of the safe-eval package. The vulnerability arises from the package failing to restrict access to the main JavaScript context via Error objects, enabling a sandbox escape and remote code execution. Proof-of-concept payloads in advisory sources demonstrate how an...
CVE-2020-7710 Sandbox Escape
This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine...
@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2020-7710 via safe-eval (>=0.2.0 <=0.4.1)
safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2020-7710 Source advisory: SNYK:JS-SAFEEVAL-608076...
Sandbox Escape
Overview safe-eval is a Safer version of eval Affected versions of this package are vulnerable to Sandbox Escape. It is possible for an attacker to run an arbitrary command on the host machine. POC by Anirudh Anand for node 12.13.0 const safeEval = require'safe-eval'; const theFunction = function...