Vulnerabilities > CVE-2023-26121 - Unspecified vulnerability in Safe-Eval Project Safe-Eval

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

safe-eval-project

critical

NVD

Published: 2023-04-11

Updated: 2024-11-21

Summary

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.

Vulnerable Configurations

Part	Description	Count
Application	Safe-Eval_Project Safe Eval Project Safe Eval 0.0.0 Safe Eval Project Safe Eval 0.1.0 Safe Eval Project Safe Eval 0.2.0 Safe Eval Project Safe Eval 0.3.0 Safe Eval Project Safe Eval 0.4.0 Safe Eval Project Safe Eval 0.4.1	6

References

https://gist.github.com/seongil-wi/9d9fc0cc5b7b130419cd45827e59c4f9
https://gist.github.com/seongil-wi/9d9fc0cc5b7b130419cd45827e59c4f9
https://github.com/hacksparrow/safe-eval/issues/28
https://github.com/hacksparrow/safe-eval/issues/28
https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373062
https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373062