CVE-2017-16088

Critical

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access…

hackerone·CWE-610·Published 2018-06-07

CVSS

10.0

EPSS

0.03

KEV

Exploits

cve.orgen

208 chars

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

NVDen

208 chars

OSV.deven

458 chars

Affected versions of `safe-eval` are vulnerable to a sandbox escape. By accessing object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. ## Proof of Concept: This code accesses the process object and calls `.exit()` ```js var safeEval = require('safe-eval'); safeEval("this.constructor.constructor('return process')().exit()"); ``` ## Recommendation Update to version 0.4.0 or later

GHSAen

458 chars

NVDes

231 chars

El módulo safe-eval se describe como una versión más segura de eval. Mediante el acceso a los constructores de objeto, las entradas de usuario no saneadas pueden acceder a la totalidad de la biblioteca estándar y salir del sandbox.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	10.0	10.0	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
3.0	Primary	NVD	10.0	3.9	6.0	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
3.1	Secondary	GHSA	10.0	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H