CVE-2017-16088

Опубликовано: 07 июн. 2018

Источник: nvd

CVSS3: 10

CVSS2: 10

EPSS Низкий

Описание

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

Ссылки

https://github.com/hacksparrow/safe-eval/issues/5
Third Party Advisory
https://github.com/patriksimek/vm2/issues/59
Third Party Advisory
https://nodesecurity.io/advisories/337
Third Party Advisory
https://github.com/hacksparrow/safe-eval/issues/5
Third Party Advisory
https://github.com/patriksimek/vm2/issues/59
Third Party Advisory
https://nodesecurity.io/advisories/337
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:safe-eval_project:safe-eval:0.0.0:*:*:*:*:node.js:*:*

cpe:2.3:a:safe-eval_project:safe-eval:0.1.0:*:*:*:*:node.js:*:*

cpe:2.3:a:safe-eval_project:safe-eval:0.2.0:*:*:*:*:node.js:*:*

cpe:2.3:a:safe-eval_project:safe-eval:0.3.0:*:*:*:*:node.js:*:*

EPSS

Процентиль: 84%

0.02058

Низкий

10 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-610

NVD-CWE-noinfo

Связанные уязвимости

GHSA-ww6v-677g-p656

CVSS3: 10

github

больше 7 лет назад

Sandbox Breakout in safe-eval

EPSS

Процентиль: 84%

0.02058

Низкий

10 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-610

NVD-CWE-noinfo