CVE-2019-10760
CRITICAL9.9EPSS 10.8%Sandbox Breakout / Arbitrary Code Execution in safer-eval
發布日:2019/10/17修改日:2026/3/13
描述
Versions of `safer-eval` before 1.3.2 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. ## Recommendation Upgrade to version 1.3.2.
受影響套件(1)
- npm/safer-evalfrom 0, < 1.3.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |