Safer-Eval Project Safer-Eval vulnerabilities
3 known vulnerabilities affecting safer-eval_project/safer-eval.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3
Vulnerabilities
Page 1 of 1
CVE-2019-10760P2CRITICALCVSS 9.9fixed in 1.3.22019-10-15
CVE-2019-10760 [CRITICAL] CVE-2019-10760: safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor prop
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
ghsanvdosv
CVE-2019-10759P3CRITICALCVSS 9.9fixed in 1.3.42019-10-15
CVE-2019-10759 [CRITICAL] CVE-2019-10759: safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor prop
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
ghsanvdosv
CVE-2019-10769P3CRITICAL≥ 0, ≤ 1.3.62019-12-11
CVE-2019-10769 [CRITICAL] CWE-20 Sandbox Breakout / Arbitrary Code Execution in safer-eval
Sandbox Breakout / Arbitrary Code Execution in safer-eval
All versions of `safer-eval` are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context and is not suited to process arbitrary user input. This may allow attackers to execute arbitrary code in the system.
## Recommendation
The package is not meant to receive user input. Consider us
ghsaosv