CVE-2017-16088

EPSS 3.5%CWE-610

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

Affected products

HackerOne · safe-eval node module

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/hacksparrow/safe-eval/issues/5 https://github.com/patriksimek/vm2/issues/59 https://nodesecurity.io/advisories/337