Description
Versions of safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
Remediation
References
https://snyk.io/vuln/SNYK-JS-SAFEREVAL-173772
Related Vulnerabilities
CVE-2020-25711 Vulnerability in maven package org.infinispan:infinispan-server-runtime
CVE-2022-25857 Vulnerability in maven package org.yaml:snakeyaml
CVE-2022-34115 Vulnerability in maven package io.dataease:dataease-plugin-common
CVE-2023-26110 Vulnerability in npm package node-bluetooth
CVE-2022-29172 Vulnerability in maven package org.webjars.npm:auth0-lock