CVE-2017-16088

Published: Jun 7, 2018Modified: Nov 21, 2024

10.0

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

Affected (4)

Products: Safe Eval Project: Safe Eval

Safe Eval Project

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Safe Eval Project Safe Eval	Version 0.0.0
Safe Eval Project Safe Eval	Version 0.1.0
Safe Eval Project Safe Eval	Version 0.2.0
Safe Eval Project Safe Eval	Version 0.3.0

Related CWEs

Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

References (6)

https://github.com/hacksparrow/safe-eval/issues/5

Source: support@hackerone.com

Third Party Advisory

https://github.com/patriksimek/vm2/issues/59

Source: support@hackerone.com

Third Party Advisory

https://nodesecurity.io/advisories/337

Source: support@hackerone.com

Third Party Advisory

https://github.com/hacksparrow/safe-eval/issues/5

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/patriksimek/vm2/issues/59

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://nodesecurity.io/advisories/337

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.