CVE-2019-10760 · Vexday

CVE-2019-10760

EPSS 2.9%

safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.

Affected products

Snyk · safer-eval

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://snyk.io/vuln/SNYK-JS-SAFEREVAL-473029