RSS   Vulnerabilities for 'Safe-eval'   RSS

2020-08-21
 
CVE-2020-7710

CWE-269
 

 
This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine.

 
2018-06-06
 
CVE-2017-16088

CWE-noinfo
 

 
The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

 


Copyright 2024, cxsecurity.com

 

Back to Top