safer-eval

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting safer-evalpage 1 of 1

CVE-2019-10759CRITICALCVSS 9.9EG 9.9✓ Fixed in 1.3.4
2019-10-15
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVE-2019-10760CRITICALCVSS 9.9EG 9.9✓ Fixed in 1.3.2
2019-10-15
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVE-2019-10769CRITICALCVSS 9.8EG 9.8
2019-12-06
safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError.

Check whether safer-eval is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for safer-eval CVEs against the assets you own.

Start Free Scan →