72 matches found
CVE-2023-26122
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution "RCE". Vulnerable functions: defineGetter, stack,...
CVE-2023-26122
The CVE-2023-26122 entry concerns the package safe-eval and describes a Sandbox Bypass caused by improper input sanitization that enables prototype pollution. Affected component/function surface includes defineGetter , stack(), toLocaleString(), propertyIsEnumerable.call(), and valueOf(). The vul...
CVE-2023-26122
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution "RCE". Vulnerable functions: defineGetter, stack,...
CVE-2023-26121
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content...
CVE-2023-26121
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content...
CVE-2023-26121
CVE-2023-26121 affects the npm package safe-eval (all versions). The issue is a Prototype Pollution in the safeEval function caused by improper sanitization of its parameter content. This vulnerability is described across multiple connected sources as affecting all versions, with high/critical im...
safe-eval 安全漏洞
safe-eval is a safer version of the eval function from the Hage Yaapa Personal Developer. safe-eval has a security vulnerability that stems from improper cleaning of input...
PT-2023-20502 · Safe-Eval · Safe-Eval
Name of the Vulnerable Software and Affected Versions: safe-eval versions all Description: The issue arises from improper sanitization of the parameter content in the safeEval function, leading to Prototype Pollution. This affects all versions of the safe-eval package. Recommendations: For all...
safe-eval 安全漏洞
safe-eval is a safer version of the eval function from the Hage Yaapa Personal Developer. safe-eval suffers from a security vulnerability that stems from incorrect parameter cleanup of the safeEval function, leading to prototype contamination...
Sandbox Bypass
Overview safe-eval is a Safer version of eval Affected versions of this package are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution "RCE"...
@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2023-26122 via safe-eval (>=0.2.0 <=0.4.1)
safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2023-26122 Source advisory: SNYK:JS-SAFEEVAL-3373064...
Prototype Pollution
Overview safe-eval is a Safer version of eval Affected versions of this package are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content. PoC js var safeEval = require'safe-eval' let code = function Error.prepareStackTrace = , c = c.ma...
@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2023-26121 via safe-eval (>=0.2.0 <=0.4.1)
safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2023-26121 Source advisory: SNYK:JS-SAFEEVAL-3373062...
Prototype Pollution
safe-eval is vulnerable to prototype pollution. The vulnerability exists in the safeEval function in index.js, because it allows an attacker to add or modify Object.prototype.Consolidate properties...
CVE-2022-25904 Prototype Pollution
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...
CVE-2022-25904
CVE-2022-25904 – Prototype Pollution in safe-eval : All versions of the package are vulnerable to prototype pollution via the safeEval function, which can modify Object.prototype.Consolidate through the vm variable. The issue is reported across multiple sources (NVD, CVE listing, Veracode, GitHub...
CVE-2022-25904 Prototype Pollution
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...
@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2022-25904 via safe-eval (>=0.2.0 <=0.4.1)
safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2022-25904 Source advisory: OSV:GHSA-33VH-7X8Q-MG35...
GHSA-33VH-7X8Q-MG35 safe-eval vulnerable to Prototype Pollution
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...
safe-eval vulnerable to Prototype Pollution
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...