0.4.1
9 years ago
6 years ago
Known vulnerabilities in the safe-eval package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
safe-eval is a Safer version of eval(). Affected versions of this package are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). Vulnerable functions: How to fix Sandbox Bypass? There is no fixed version for | * |
safe-eval is a Safer version of eval(). Affected versions of this package are vulnerable to Prototype Pollution via the How to fix Prototype Pollution? There is no fixed version for | * |
safe-eval is a Safer version of eval(). Affected versions of this package are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the How to fix Prototype Pollution? There is no fixed version for | * |
safe-eval is a Safer version of eval(). Affected versions of this package are vulnerable to Sandbox Escape. It is possible for an attacker to run an arbitrary command on the host machine. POC by Anirudh Anand (for node | * |