Description
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the Object.prototype.
Remediation
References
https://github.com/hacksparrow/safe-eval/issues/26
https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3175701
Related Vulnerabilities
CVE-2022-25766 Vulnerability in npm package ungit
CVE-2022-25231 Vulnerability in npm package node-opcua
CVE-2022-35204 Vulnerability in npm package vite
CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.r4b
CVE-2020-5259 Vulnerability in maven package org.webjars.bower:dojox