Lucene search
XmiliaHNODEJS:1428HistoryDec 11, 2019 - 4:50 p.m.
Sandbox Breakout / Arbitrary Code Execution
2019-12-1116:50:15
XmiliaH
www.npmjs.com
11
EPSS
0.009
Percentile
82.3%
Overview
All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context and is not suited to process arbitrary user input. This may allow attackers to execute arbitrary code in the system.
Recommendation
The package is not meant to receive user input. Consider using an alternative package until a fix is made available.
References
Related
nvd
nvd
CVE-2019-10769
2019-12-06 23:15:11
CVE-2020-24391
2021-03-30 21:15:13
huntr
huntr
Code Injection in commenthol/safer-eval
2020-02-21 00:00:00
cve
cve
CVE-2019-10769
2019-12-06 23:15:11
CVE-2020-24391
2021-03-30 21:15:13
osv
osv
Sandbox Breakout / Arbitrary Code Execution in safer-eval
2019-12-11 02:01:44
CVE-2020-24391
2021-03-30 21:15:13
Remote code execution in mongo-express
2021-04-13 15:41:01
github
github
Sandbox Breakout / Arbitrary Code Execution in safer-eval
2019-12-11 02:01:44
Remote code execution in mongo-express
2021-04-13 15:41:01
cvelist
cvelist
CVE-2019-10769
2019-12-06 22:49:56
CVE-2020-24391
2021-03-30 20:52:58
prion
prion
Design/Logic Flaw
2019-12-06 23:15:00
Design/Logic Flaw
2021-03-30 21:15:00
veracode
veracode
Remote Code Execution (RCE)
2019-12-09 08:05:21
Remote Code Execution (RCE)
2021-03-31 03:13:01