Описание
Sandbox Breakout / Arbitrary Code Execution in safer-eval
All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. It is possible to escape the sandbox by forcing exceptions recursively in the evaluated code. This may allow attacker to execute arbitrary code in the system.
Recommendation
The package is not suited to receive arbitrary user input. Consider using an alternative package.
Пакеты
Наименование
safer-eval
npm
Затронутые версииВерсия исправления
>= 0.0.0
Отсутствует