GHSA-r3x4-wr4h-pw33

Source

https://github.com/advisories/GHSA-r3x4-wr4h-pw33

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-r3x4-wr4h-pw33/GHSA-r3x4-wr4h-pw33.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r3x4-wr4h-pw33

Aliases

CVE-2019-10759

Published

2019-10-21T21:58:34Z

Modified

2025-01-14T07:14:41.627600Z

Severity

9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

Sandbox Breakout / Arbitrary Code Execution in safer-eval

Details

Versions of safer-eval prior to 1.3.4 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. For example, evaluating he string console.constructor.constructor('return process')().env prints process.env to the console.

Recommendation

Upgrade to version 1.3.4 or later.

Database specific

{
    "severity": "CRITICAL",
    "github_reviewed_at": "2019-10-17T17:06:35Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "nvd_published_at": "2019-10-15T15:15:00Z",
    "github_reviewed": true
}

References

Affected packages

npm / safer-eval

Package

Name: safer-eval; View open source insights on deps.dev
Purl: pkg:npm/safer-eval

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-r3x4-wr4h-pw33/GHSA-r3x4-wr4h-pw33.json"