All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.
References
Link | Resource |
---|---|
https://gist.github.com/seongil-wi/9d9fc0cc5b7b130419cd45827e59c4f9 | Exploit Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/28 | Exploit Issue Tracking Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373062 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2023-04-11T05:00:01.308Z
Updated: 2023-04-11T05:00:01.308Z
Reserved: 2023-02-20T10:28:48.923Z
Link: CVE-2023-26121
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-11T05:15:07.127
Modified: 2023-11-07T04:09:23.573
Link: CVE-2023-26121
JSON object: View
Redhat Information
No data.
CWE