All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation.
Exploiting this vulnerability might result in remote code execution ("RCE").
**Vulnerable functions:**
__defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().
References
Link | Resource |
---|---|
https://gist.github.com/seongil-wi/2db6cb884e10137a93132b7f74879cce | Exploit Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/27 | Exploit Issue Tracking Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/31 | Exploit Issue Tracking Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/32 | Exploit Issue Tracking Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/33 | Exploit Issue Tracking Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/34 | Exploit Issue Tracking Third Party Advisory |
https://github.com/hacksparrow/safe-eval/issues/35 | Exploit Issue Tracking Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373064 | Exploit Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2023-04-11T05:00:02.658Z
Updated: 2023-04-11T05:00:02.658Z
Reserved: 2023-02-20T10:28:48.923Z
Link: CVE-2023-26122
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-11T05:15:07.180
Modified: 2023-11-07T04:09:23.770
Link: CVE-2023-26122
JSON object: View
Redhat Information
No data.