Critical severityNVD Advisory· Published Oct 15, 2019· Updated Aug 4, 2024

CVE-2019-10760

Description

safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
safer-evalnpm	< 1.3.2	1.3.2

Affected products

ghsa-coords
pkg:npm/safer-eval
Range: < 1.3.2
Snyk/safer-evalv5
Range: All versions prior to version 1.3.2

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-hgch-jjmr-gp7wghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-10760ghsaADVISORY
github.com/commenthol/safer-eval/commit/1c29f6a6e304fb650c05056e217e457a0d2cc3c5ghsaWEB
snyk.io/vuln/SNYK-JS-SAFEREVAL-473029ghsax_refsource_CONFIRMWEB
www.npmjs.com/advisories/787ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.002
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000