CVE-2020-16526

Опубликовано: 12 янв. 2021

Источник: nvd

Описание

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none

Связанные уязвимости

GHSA-8cxc-qr4w-j225

github

больше 3 лет назад

**RESERVED**https://github.com/hacksparrow/safe-eval safe-eval 0.4.1 is affected by: Sandbox Escape. The impact is: execute arbitrary code (remote). The component is: https://github.com/hacksparrow/safe-eval/blob/master/index.js. ¶¶ The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.