Severity: high

Sandbox Breakout / Arbitrary Code Execution

safer-eval

Overview

Versions of safer-eval before 1.3.2 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.

Remediation

Upgrade to version 1.3.2.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Mar 11th, 2019
  2. reported

    Reported by L1lith
    Mar 8th, 2019