All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). **Vulnerable functions:** __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2023-04-11T05:00:02.658Z

Updated: 2024-08-02T11:39:06.576Z

Reserved: 2023-02-20T10:28:48.923Z

Link: CVE-2023-26122

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-11T05:15:07.180

Modified: 2024-11-21T07:50:49.300

Link: CVE-2023-26122

cve-icon Redhat

No data.