All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation.
Exploiting this vulnerability might result in remote code execution ("RCE").
**Vulnerable functions:**
__defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2023-04-11T05:00:02.658Z
Updated: 2024-08-02T11:39:06.576Z
Reserved: 2023-02-20T10:28:48.923Z
Link: CVE-2023-26122
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-04-11T05:15:07.180
Modified: 2024-11-21T07:50:49.300
Link: CVE-2023-26122
Redhat
No data.