All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the Object.prototype.
References
Link | Resource |
---|---|
https://github.com/hacksparrow/safe-eval/issues/26 | Exploit Issue Tracking Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3175701 | Exploit Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2022-12-20T00:00:00
Updated: 2022-12-20T00:00:00
Reserved: 2022-02-24T00:00:00
Link: CVE-2022-25904
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-12-20T05:15:11.487
Modified: 2022-12-29T18:43:35.353
Link: CVE-2022-25904
JSON object: View
Redhat Information
No data.
CWE