Remote Code Execution Vulnerability due to Sandbox Bypass

Critical
commenthol published GHSA-v63x-xc9j-hhvq Dec 6, 2019 · 1 comment

Package

safer-eval (npm)

Affected versions

>0.0.0

Patched versions

None

Description

Impact

  • Remote Code Execution
  • Cross Site Scripting

Patches

There will be no patch available.

Workarounds

Please use other packages like vm2.

References

The issue was originally reported to the project vm2 by @XmiliaH in an issue here.

Severity

Critical

CVE ID

No known CVE

Weaknesses

No CWEs