CVE-2017-16088

EPSS 3.5%CWE-610

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

Produtos afetados

HackerOne · safe-eval node module

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/hacksparrow/safe-eval/issues/5 https://github.com/patriksimek/vm2/issues/59 https://nodesecurity.io/advisories/337