All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the Object.prototype.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-12-21T01:21:43.830108Z

Updated: 2024-09-16T16:49:16.459Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-25904

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-20T05:15:11.487

Modified: 2024-11-21T06:53:11.737

Link: CVE-2022-25904

cve-icon Redhat

No data.