Safe-eval Project, Safe-eval

5 matches found

CVE
added 2018/06/07 2:0 a.m., 104 views

CVE-2017-16088

CVE-2017-16088 affects the npm package safe-eval, where un-sanitized input can access Function/constructor.CREATE and escape the sandbox, potentially enabling arbitrary code execution. Documents show a sandbox breakout via the process object and evaluation of process.exit(), confirming an RCE-lik...

CVSS 10, AI score 9.3, EPSS 0.03494
CVE
added 2022/12/21 1:21 a.m., 73 views

CVE-2022-25904

CVE-2022-25904 – Prototype Pollution in safe-eval: All versions of the package are vulnerable to prototype pollution via the safeEval function, which can modify Object.prototype.Consolidate through the vm variable. The issue is reported across multiple sources (NVD, CVE listing, Veracode, GitHub...

CVSS 9.8, AI score 8.6, EPSS 0.00884
CVE
added 2023/04/11 5:0 a.m., 65 views

CVE-2023-26122

The CVE-2023-26122 entry concerns the package safe-eval and describes a Sandbox Bypass caused by improper input sanitization that enables prototype pollution. Affected component/function surface includes __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), and valueOf(). The vul...

CVSS 10, AI score 9.7, EPSS 0.02101
CVE
added 2020/08/21 9:15 a.m., 51 views

CVE-2020-7710

CVE-2020-7710 affects all versions of the safe-eval package. The vulnerability arises from the package failing to restrict access to the main JavaScript context via Error objects, enabling a sandbox escape and remote code execution. Proof-of-concept payloads in advisory sources demonstrate how an...

CVSS 9.8, AI score 9.1, EPSS 0.0143
CVE
added 2023/04/11 5:0 a.m., 51 views

CVE-2023-26121

CVE-2023-26121 affects the npm package safe-eval (all versions). The issue is a Prototype Pollution in the safeEval function caused by improper sanitization of its parameter content. This vulnerability is described across multiple connected sources as affecting all versions, with high/critical im...

CVSS 10, AI score 9.4, EPSS 0.01111