All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation.
Exploiting this vulnerability might result in remote code execution ("RCE").
**Vulnerable functions:**
__defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().
References
Link | Resource |
---|---|
https://gist.github.com/seongil-wi/2db6cb884e10137a93132b7f74879cce | Exploit Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/27 | Exploit Issue Tracking Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/31 | Exploit Issue Tracking Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/32 | Exploit Issue Tracking Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/33 | Exploit Issue Tracking Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/34 | Exploit Issue Tracking Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/35 | Exploit Issue Tracking Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373064 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
18 Apr 2023, 19:13
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://gist.github.com/seongil-wi/2db6cb884e10137a93132b7f74879cce - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/hacksparrow/safe-eval/issues/35 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/hacksparrow/safe-eval/issues/33 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/hacksparrow/safe-eval/issues/27 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/hacksparrow/safe-eval/issues/32 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373064 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/hacksparrow/safe-eval/issues/31 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/hacksparrow/safe-eval/issues/34 - Exploit, Issue Tracking, Third Party Advisory | |
First Time |
Safe-eval Project safe-eval
Safe-eval Project |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 10.0 |
CPE | cpe:2.3:a:safe-eval_project:safe-eval:*:*:*:*:*:node.js:*:* | |
CWE | CWE-1321 |
11 Apr 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-11 05:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-26122
Mitre link : CVE-2023-26122
CVE.ORG link : CVE-2023-26122
JSON object : View
Products Affected
safe-eval_project
- safe-eval