Description

safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.

Remediation

References

https://snyk.io/vuln/SNYK-JS-SAFEREVAL-173772

Related Vulnerabilities

CVE-2014-3603 Vulnerability in maven package org.opensaml:opensaml

CVE-2023-40572 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2011-4905 Vulnerability in maven package activemq:activemq-core

CVE-2022-32287 Vulnerability in maven package org.apache.uima:uimaj-core

CVE-2021-21697 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Tags

Exploit Patch Third Party Advisory NVD-CWE-noinfo