46 matches found
Mongo-Express - Remote Code Execution
Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user-supplied JavaScript. Unfortunately, safer-eval's sandboxing capabilities are easily bypassed, leading to remote code execution in the context of the Node server. id: CVE-2020-24391 info: nam...
EUVD-2019-0712
Malware in sbrugna...
CVE-2019-10769
safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...
CVE-2019-10759
Versions of safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
CVE-2019-10760
Versions of safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
Remote Code Execution (RCE)
mongodb-query-parser is vulnerable to remote code execution (RCE). The vulnerability exists through the use of an unsafe version of safer-eval, and of context-eval in the older versions. This vulnerability is related to CVE-2019-10769...
@achil/parcel-bundler (>=1.11.1 <=1.12.34), @acies/core (>=1.2.89 <=1.2.215) +134 more potentially affected by unknown CVE via safer-eval (>=1.2.3 <=1.3.6)
safer-eval NPM version =1.2.3, =1.11.1, =1.2.89, =0.1.0, =4.0.0, =4.1.0, =4.1.2, =0.9.2-pre.41, =2.0.2, =1.0.0, =1.9.3, =0.3.0, =1.12.3, =1.0.0, =0.0.1, =3.4.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-876R-HJ45-FW7G...
Sandbox Breakout / Arbitrary Code Execution in safer-eval
All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. It is possible to escape the sandbox by forcing exceptions recursively in the evaluated code. This may allow an attacker to execute arbitrary code in the system. Recommendation: The package is not suited to...
GHSA-876R-HJ45-FW7G Sandbox Breakout / Arbitrary Code Execution in safer-eval
All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. It is possible to escape the sandbox by forcing exceptions recursively in the evaluated code. This may allow an attacker to execute arbitrary code in the system. Recommendation: The package is not suited to...
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Withdrawn: Duplicate of GHSA-hgch-jjmr-gp7w...
Code Injection in commenthol/safer-eval
Overview safer-eval is a safer approach for eval in node and browser. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError: Maximum call stack size exceeded. Proof of Concept Credit: Jonathan Leitschuh js const theFunction = function const f =...
Sandbox Breakout / Arbitrary Code Execution
Overview All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context and is not suited to process arbitrary user input. This may allow attackers to execute arbitrary code in the system. Recommendation The...
@achil/parcel-bundler (>=1.11.1 <=1.12.34), @acies/core (>=1.2.89 <=1.2.215) +134 more potentially affected by CVE-2019-10769 via safer-eval (>=1.2.3 <=1.3.6)
safer-eval NPM version =1.2.3, =1.11.1, =1.2.89, =0.1.0, =4.0.0, =4.1.0, =4.1.2, =0.9.2-pre.41, =2.0.2, =1.0.0, =1.9.3, =0.3.0, =1.12.3, =1.0.0, =0.0.1, =3.4.4 and more Source cves: CVE-2019-10769 Source advisory: OSV:GHSA-V63X-XC9J-HHVQ...
GHSA-V63X-XC9J-HHVQ Sandbox Breakout / Arbitrary Code Execution in safer-eval
All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context and is not suited to process arbitrary user input. This may allow attackers to execute arbitrary code in the system. Recommendation The package is...
Remote Code Execution (RCE)
safer-eval is vulnerable to remote code execution (RCE). The attack is possible due to the generation of a RangeError when the maximum call stack size is exceeded during the sandboxing of the evaluation of code used within the eval function...
safer-eval Input Validation Error Vulnerability
safer-eval is a security evaluation module that runs in node and browsers. An input validation error vulnerability exists in safer-eval. An attacker could exploit this vulnerability to execute arbitrary code...
CVE-2019-10769
safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...
CVE-2019-10769
safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...
Design/Logic Flaw
safer-eval is an npm package to sandbox the evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError...
CVE-2019-10769
The provided data indicates CVE-2019-10769 affects the npm package safer-eval, which sandboxes the evaluation of code used within the eval function. The vulnerability is described as Arbitrary Code Execution via generating a RangeError, with a detailed PoC published in the Huntr entry for safer-eval (1-NPM-SAFER-EV...