safe-eval
npm | 5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting safe-eval (page 1 of 1)
- CVE-2017-16088 | CRITICAL | CVSS 10.0 | EG 10.0 | 2018-06-07
The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.
- CVE-2020-7710 | HIGH | CVSS 8.1 | EG 9.8 | 2020-08-21
This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine.
- CVE-2022-25904 | HIGH | CVSS 7.5 | EG 9.8 | 2022-12-20
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variabl…
- CVE-2023-26121 | HIGH | CVSS 7.5 | EG 10.0 | 2023-04-11
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.
- CVE-2023-26122 | HIGH | CVSS 8.8 | EG 10.0 | 2023-04-11
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execut…