CVE-2017-16088

EPSS 3.5%CWE-610

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

Productos afectados

HackerOne · safe-eval node module

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/hacksparrow/safe-eval/issues/5 https://github.com/patriksimek/vm2/issues/59 https://nodesecurity.io/advisories/337