Security Advisory

CVE-2023-26122

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-04-11 05:00:02
Last updated 2025-02-07 16:56:45
Assigner snyk
State PUBLISHED

Description

All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). **Vulnerable functions:** __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().