Safe Eval
CVE-2023-26122
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). Vulnerable functions: __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().
AnalysisAI
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-265. All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). Vulnerable functions: __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf(). Affected products include: Safe-Eval Project Safe-Eval.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify proper
This affects all versions of package safe-eval. Rated critical severity (CVSS 9.8), this vulnerability is remotely explo
Same weakness CWE-265 – Privilege Issues
View allShare
External POC / Exploit Code
Leaving vuln.today