Sandbox Breakout / Arbitrary Code Execution
safer-eval
Versions of safer-eval before 1.3.2 are vulnerable to a sandbox escape leading to remote code execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
Upgrade to version 1.3.2.
Advisory published: Mar 11th, 2019
Reported by L1lith: Mar 8th, 2019