5 matches found
CVE-2017-16088
CVE-2017-16088 affects the npm package safe-eval, where un-sanitized input can access Function/constructor.CREATE and escape the sandbox, potentially enabling arbitrary code execution. Documents show a sandbox breakout via the process object and evaluation of process.exit(), confirming an RCE-lik...
CVE-2022-25904
CVE-2022-25904 – Prototype Pollution in safe-eval: All versions of the package are vulnerable to prototype pollution via the safeEval function, which can modify Object.prototype.Consolidate through the vm variable. The issue is reported across multiple sources (NVD, CVE listing, Veracode, GitHub...
CVE-2023-26122
The CVE-2023-26122 entry concerns the package safe-eval and describes a Sandbox Bypass caused by improper input sanitization that enables prototype pollution. Affected component/function surface includes __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), and valueOf(). The vul...
CVE-2020-7710
CVE-2020-7710 affects all versions of the safe-eval package. The vulnerability arises from the package failing to restrict access to the main JavaScript context via Error objects, enabling a sandbox escape and remote code execution. Proof-of-concept payloads in advisory sources demonstrate how an...
CVE-2023-26121
CVE-2023-26121 affects the npm package safe-eval (all versions). The issue is a Prototype Pollution in the safeEval function caused by improper sanitization of its parameter content. This vulnerability is described across multiple connected sources as affecting all versions, with high/critical im...