Описание
Sandbox Breakout / Arbitrary Code Execution in safer-eval
All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context and is not suited to process arbitrary user input. This may allow attackers to execute arbitrary code in the system.
Recommendation
The package is not meant to receive user input. Consider using an alternative package until a fix is made available.
Пакеты
Наименование
safer-eval
npm
Затронутые версииВерсия исправления
<= 1.3.6
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
около 6 лет назад
safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError.