Safer version of eval()
Known vulnerabilities in the safe-eval package. This does not include vulnerabilities belonging to this package’s dependencies.
safe-eval is a safer version of eval().
Affected versions of this package are vulnerable to Sandbox Escape. It is possible for an attacker to run an arbitrary command on the host machine.
POC by Anirudh Anand (for node
Affected versions of this package are vulnerable to Sandbox Escaping. User input is not sanitized before being passed to the safeEval function. A malicious user could access the object constructors, gain access to the standard library through them, and then escape the sandbox.
Proof of Concept:
How to fix Sandbox Escaping?