npm package
safer-eval
pkg:npm/safer-eval
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10769 | — | <= 1.3.6 | — | Dec 6, 2019 | safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError. | ||
| CVE-2019-10760 | — | < 1.3.2 | 1.3.2 | Oct 15, 2019 | safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. | ||
| CVE-2019-10759 | — | < 1.3.4 | 1.3.4 | Oct 15, 2019 | safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. |
- CVE-2019-10769Dec 6, 2019affected <= 1.3.6
safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError.
- CVE-2019-10760Oct 15, 2019affected < 1.3.2fixed 1.3.2
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
- CVE-2019-10759Oct 15, 2019affected < 1.3.4fixed 1.3.4
safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.