10

CVE-2023-26122

Exploit
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation.
Exploiting this vulnerability might result in remote code execution ("RCE").

**Vulnerable functions:**

__defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(),  valueOf().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Safe-eval ProjectSafe-eval SwPlatformnode.js Version <= 0.4.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.18% 0.866
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 3.9 6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
report@snyk.io 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

https://github.com/hacksparrow/safe-eval/issues/27
Third Party Advisory
Exploit
Issue Tracking
https://github.com/hacksparrow/safe-eval/issues/31
Third Party Advisory
Exploit
Issue Tracking
https://github.com/hacksparrow/safe-eval/issues/32
Third Party Advisory
Exploit
Issue Tracking
https://github.com/hacksparrow/safe-eval/issues/33
Third Party Advisory
Exploit
Issue Tracking
https://github.com/hacksparrow/safe-eval/issues/34
Third Party Advisory
Exploit
Issue Tracking
https://github.com/hacksparrow/safe-eval/issues/35
Third Party Advisory
Exploit
Issue Tracking
https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373064
Third Party Advisory
Exploit
Issue Tracking