Lucene search
+L

72 matches found

NVD
NVD
added 2022/12/20 5:15 a.m.37 views

CVE-2022-25904

All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...

9.8CVSS0.00884EPSS
Exploits1References2
OSV
OSV
added 2022/12/20 5:15 a.m.17 views

CVE-2022-25904 Prototype Pollution

All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...

7.5CVSS7.2AI score0.00884EPSS
Exploits1References4
Prion
Prion
added 2022/12/20 5:15 a.m.16 views

Buffer overflow

All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...

7.5CVSS9.4AI score0.00884EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/12/20 12:0 a.m.6 views

safe-eval 安全漏洞

safe-eval is a safer version of the eval function from the Hage Yaapa Personal Developer. safe-eval suffers from a security vulnerability that stems from susceptibility to prototype contamination, which allows an attacker to add or modify properties of Object.prototype.Consolidate when using the...

9.8CVSS8.2AI score0.00884EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/12/20 12:0 a.m.6 views

PT-2022-17597 · Safe-Eval · Safe-Eval

Name of the Vulnerable Software and Affected Versions: safe-eval versions all Description: The issue allows an attacker to add or modify properties of the Object.prototype through Prototype Pollution when using the function safeEval. This is due to the function's use of the vm variable, enabling ...

9.8CVSS9.3AI score0.00884EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2022/12/19 2:15 p.m.9 views

@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2022-25904 via safe-eval (>=0.2.0 <=0.4.1)

safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2022-25904 Source advisory: SNYK:JS-SAFEEVAL-3175701...

9.8CVSS7.2AI score0.00884EPSS
Exploits1
Snyk
Snyk
added 2022/12/19 2:15 p.m.5 views

Prototype Pollution

Overview safe-eval is a Safer version of eval Affected versions of this package are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading a...

9.8CVSS9AI score0.00884EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2020/09/03 5:12 p.m.5 views

@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by unknown CVE via safe-eval (>=0.2.0 <=0.4.1)

safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9PCF-H8Q9-63F6...

5.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/09/03 5:12 p.m.40 views

Sandbox Breakout / Arbitrary Code Execution in safe-eval

All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload chaining a function's callee and caller constructors can escape the sandbox and execute arbitrary code. For example, the payload = const targetKey = Object.keysthis0; Object.definePropertythis,...

4.7AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/03 5:12 p.m.76 views

GHSA-9PCF-H8Q9-63F6 Sandbox Breakout / Arbitrary Code Execution in safe-eval

All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload chaining a function's callee and caller constructors can escape the sandbox and execute arbitrary code. For example, the payload = const targetKey = Object.keysthis0; Object.definePropertythis,...

8.2AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2020/08/25 11:40 p.m.5 views

@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2020-7710 via safe-eval (>=0.2.0 <=0.4.1)

safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2020-7710 Source advisory: OSV:GHSA-HRPQ-R399-WHGW...

9.8CVSS7.2AI score0.0143EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2020/08/25 11:40 p.m.240 views

Sandbox Breakout / Arbitrary Code Execution in safe-eval

All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through Error objects. This may allow attackers to execute arbitrary code in the system. Evaluating the payload js function var ex = new Error...

9.8CVSS9.5AI score0.0143EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2020/08/25 11:40 p.m.11 views

GHSA-HRPQ-R399-WHGW Sandbox Breakout / Arbitrary Code Execution in safe-eval

All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through Error objects. This may allow attackers to execute arbitrary code in the system. Evaluating the payload js function var ex = new Error...

9.8CVSS6.2AI score0.0143EPSS
Exploits1References4
Veracode
Veracode
added 2020/08/24 12:8 a.m.18 views

Remote Code Execution (RCE)

safe-eval is vulnerable to remote code execution RCE. The application does not properly sanitize user input, allowing a malicious user to execute arbitrary commands...

9.8CVSS4.6AI score0.0143EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2020/08/21 10:15 a.m.5 views

CVE-2020-7710

This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine...

9.8CVSS7.4AI score0.0143EPSS
Exploits1References2
NVD
NVD
added 2020/08/21 10:15 a.m.44 views

CVE-2020-7710

This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine...

9.8CVSS8.7AI score0.0143EPSS
Exploits1References2
CVE
CVE
added 2020/08/21 9:15 a.m.51 views

CVE-2020-7710

CVE-2020-7710 affects all versions of the safe-eval package. The vulnerability arises from the package failing to restrict access to the main JavaScript context via Error objects, enabling a sandbox escape and remote code execution. Proof-of-concept payloads in advisory sources demonstrate how an...

9.8CVSS9.1AI score0.0143EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/08/21 9:15 a.m.51 views

CVE-2020-7710 Sandbox Escape

This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine...

8.1CVSS9.7AI score0.0143EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2020/02/28 9:12 a.m.7 views

@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2020-7710 via safe-eval (>=0.2.0 <=0.4.1)

safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2020-7710 Source advisory: SNYK:JS-SAFEEVAL-608076...

9.8CVSS7.2AI score0.0143EPSS
Exploits1
Snyk
Snyk
added 2020/02/28 9:12 a.m.25 views

Sandbox Escape

Overview safe-eval is a Safer version of eval Affected versions of this package are vulnerable to Sandbox Escape. It is possible for an attacker to run an arbitrary command on the host machine. POC by Anirudh Anand for node 12.13.0 const safeEval = require'safe-eval'; const theFunction = function...

9.8CVSS7AI score0.0143EPSS
Exploits1References2
Rows per page
Query Builder