Description
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
Remediation
References
https://snyk.io/vuln/SNYK-JS-SAFEREVAL-173772
Related Vulnerabilities
CVE-2021-23507 Vulnerability in npm package object-path-set
CVE-2023-40573 Vulnerability in maven package org.xwiki.platform:xwiki-platform-scheduler-api
CVE-2021-44906 Vulnerability in maven package org.webjars.bowergithub.substack:minimist
CVE-2021-23341 Vulnerability in maven package org.webjars.npm:prismjs
CVE-2022-24999 Vulnerability in maven package org.webjars.npm:qs