CVE-2022-25904
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
Summary
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the Object.prototype.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | safe-eval | 0 < unspecified | affected |
Weaknesses
- Prototype Pollution
ADP Enrichment
CVE Program Container
Additional References
- https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3175701
- https://github.com/hacksparrow/safe-eval/issues/26
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3175701
- https://github.com/hacksparrow/safe-eval/issues/26
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.