← Back

Safe Eval Project

safe-eval_project

5 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Safe Eval
safe-eval
5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-26122
1Safe Eval Project
1Safe Eval
Feb 7, 2025
Apr 11, 2023
N/A· v4
10.0 CRITICAL· v3
N/A· v2
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in...Show more
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). **Vulnerable functions:** __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().Show less
CVE-2023-26121
1Safe Eval Project
1Safe Eval
Feb 10, 2025
Apr 11, 2023
N/A· v4
10.0 CRITICAL· v3
N/A· v2
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.
CVE-2022-25904
1Safe Eval Project
1Safe Eval
Apr 16, 2025
Dec 20, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the funct...Show more
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the Object.prototype.Show less
CVE-2020-7710
1Safe Eval Project
1Safe Eval
Nov 21, 2024
Aug 21, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine.
CVE-2017-16088
1Safe Eval Project
1Safe Eval
Nov 21, 2024
Jun 7, 2018
N/A· v4
10.0 CRITICAL· v3
10.0 HIGH· v2
The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.