Lucene search
GoogleOSV:CVE-2019-10760HistoryOct 15, 2019 - 3:15 p.m.
CVE-2019-10760
2019-10-1515:15:11
Google
osv.dev
6
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| safer-eval | eq | 1.0.0 | |
| safer-eval | eq | 1.2.2 | |
| safer-eval | eq | 1.2.1 | |
| safer-eval | eq | 1.2.0 | |
| safer-eval | eq | 1.3.1 | |
| safer-eval | eq | 1.2.3 | |
| safer-eval | eq | 1.1.0 | |
| safer-eval | eq | 1.0.1 | |
| safer-eval | eq | 1.3.0 |
References
Related
cve
cve
CVE-2019-10760
2019-10-15 15:15:11
github
github
Sandbox Breakout / Arbitrary Code Execution in safer-eval
2019-10-17 18:27:30
veracode
veracode
Prototype Pollution
2019-03-18 06:47:17
nvd
nvd
CVE-2019-10760
2019-10-15 15:15:11
osv
osv
Sandbox Breakout / Arbitrary Code Execution in safer-eval
2019-10-17 18:27:30
prion
prion
Code injection
2019-10-15 15:15:00
cvelist
cvelist
CVE-2019-10760
2019-10-15 14:53:11