Safer-Eval Project: Security Vulnerabilities
safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-12-06
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVSS Score
9.9
EPSS Score
0.01
Published
2019-10-15
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVSS Score
9.9
EPSS Score
0.167
Published
2019-10-15