Lucene search
K

72 matches found

OSV
OSV
added 2023/04/11 5:0 a.m.17 views

CVE-2023-26122

All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution "RCE". Vulnerable functions: defineGetter, stack,...

8.8CVSS10AI score0.02101EPSS
Exploits1References10
CVE
CVE
added 2023/04/11 5:0 a.m.65 views

CVE-2023-26122

The CVE-2023-26122 entry concerns the package safe-eval and describes a Sandbox Bypass caused by improper input sanitization that enables prototype pollution. Affected component/function surface includes defineGetter , stack(), toLocaleString(), propertyIsEnumerable.call(), and valueOf(). The vul...

10CVSS9.7AI score0.02101EPSS
Exploits1References8Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/11 5:0 a.m.9 views

CVE-2023-26122

All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution "RCE". Vulnerable functions: defineGetter, stack,...

8.8CVSS7.6AI score0.02101EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2023/04/11 5:0 a.m.7 views

CVE-2023-26121

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content...

7.5CVSS8.7AI score0.01111EPSS
Exploits1References3
OSV
OSV
added 2023/04/11 5:0 a.m.14 views

CVE-2023-26121

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content...

7.5CVSS9.7AI score0.01111EPSS
Exploits1References5
CVE
CVE
added 2023/04/11 5:0 a.m.51 views

CVE-2023-26121

CVE-2023-26121 affects the npm package safe-eval (all versions). The issue is a Prototype Pollution in the safeEval function caused by improper sanitization of its parameter content. This vulnerability is described across multiple connected sources as affecting all versions, with high/critical im...

10CVSS9.4AI score0.01111EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.7 views

safe-eval 安全漏洞

safe-eval is a safer version of the eval function from the Hage Yaapa Personal Developer. safe-eval has a security vulnerability that stems from improper cleaning of input...

10CVSS8.3AI score0.02101EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.11 views

PT-2023-20502 · Safe-Eval · Safe-Eval

Name of the Vulnerable Software and Affected Versions: safe-eval versions all Description: The issue arises from improper sanitization of the parameter content in the safeEval function, leading to Prototype Pollution. This affects all versions of the safe-eval package. Recommendations: For all...

10CVSS7.2AI score0.01111EPSS
Exploits1References9
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.5 views

safe-eval 安全漏洞

safe-eval is a safer version of the eval function from the Hage Yaapa Personal Developer. safe-eval suffers from a security vulnerability that stems from incorrect parameter cleanup of the safeEval function, leading to prototype contamination...

10CVSS8.3AI score0.01111EPSS
Exploits1References4
Snyk
Snyk
added 2023/03/26 12:48 p.m.7 views

Sandbox Bypass

Overview safe-eval is a Safer version of eval Affected versions of this package are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution "RCE"...

10CVSS8.1AI score0.02101EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2023/03/26 12:48 p.m.6 views

@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2023-26122 via safe-eval (>=0.2.0 <=0.4.1)

safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2023-26122 Source advisory: SNYK:JS-SAFEEVAL-3373064...

10CVSS7.2AI score0.02101EPSS
Exploits1
Snyk
Snyk
added 2023/03/26 12:36 p.m.7 views

Prototype Pollution

Overview safe-eval is a Safer version of eval Affected versions of this package are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content. PoC js var safeEval = require'safe-eval' let code = function Error.prepareStackTrace = , c = c.ma...

10CVSS9AI score0.01111EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2023/03/26 12:36 p.m.9 views

@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2023-26121 via safe-eval (>=0.2.0 <=0.4.1)

safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2023-26121 Source advisory: SNYK:JS-SAFEEVAL-3373062...

10CVSS7.2AI score0.01111EPSS
Exploits1
Veracode
Veracode
added 2022/12/21 6:5 a.m.17 views

Prototype Pollution

safe-eval is vulnerable to prototype pollution. The vulnerability exists in the safeEval function in index.js, because it allows an attacker to add or modify Object.prototype.Consolidate properties...

9.8CVSS8.8AI score0.00884EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/21 1:21 a.m.6 views

CVE-2022-25904 Prototype Pollution

All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...

7.5CVSS9.4AI score0.00884EPSS
Exploits1References2
CVE
CVE
added 2022/12/21 1:21 a.m.75 views

CVE-2022-25904

CVE-2022-25904 – Prototype Pollution in safe-eval : All versions of the package are vulnerable to prototype pollution via the safeEval function, which can modify Object.prototype.Consolidate through the vm variable. The issue is reported across multiple sources (NVD, CVE listing, Veracode, GitHub...

9.8CVSS8.6AI score0.00884EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/12/21 1:21 a.m.34 views

CVE-2022-25904 Prototype Pollution

All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...

7.5CVSS9.7AI score0.00884EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2022/12/20 6:30 a.m.6 views

@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2022-25904 via safe-eval (>=0.2.0 <=0.4.1)

safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2022-25904 Source advisory: OSV:GHSA-33VH-7X8Q-MG35...

9.8CVSS7.2AI score0.00884EPSS
Exploits1
OSV
OSV
added 2022/12/20 6:30 a.m.2 views

GHSA-33VH-7X8Q-MG35 safe-eval vulnerable to Prototype Pollution

All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...

9.8CVSS5.9AI score0.00884EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/12/20 6:30 a.m.34 views

safe-eval vulnerable to Prototype Pollution

All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the...

9.8CVSS6.3AI score0.00884EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder