CVE-2023-26122 : All versions of the package safe-eval are vulnerable to Sandbox Bypass due to im

All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). **Vulnerable functions:** __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().

Published 2023-04-11 05:15:07

Updated 2025-02-07 17:15:25

Source Snyk

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-26122

Safe-eval Project » Safe-eval » For Node.js
Versions up to, including, (<=) 0.4.1
cpe:2.3:a:safe-eval_project:safe-eval:*:*:*:*:*:node.js:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-26122

EPSS FAQ

2.89%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-26122

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	3.9	6.0	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	Snyk
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-26122

CWE-265

Assigned by: report@snyk.io (Secondary)
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2023-26122

https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373064

Sandbox Bypass in safe-eval | CVE-2023-26122 | Snyk
Exploit;Issue Tracking;Third Party Advisory
https://gist.github.com/seongil-wi/2db6cb884e10137a93132b7f74879cce

safe-eval 0.4.1 exploit #2 · GitHub
Exploit;Third Party Advisory
https://github.com/hacksparrow/safe-eval/issues/32

Sandbox Escape Bug · Issue #32 · hacksparrow/safe-eval · GitHub
Exploit;Issue Tracking;Third Party Advisory
https://github.com/hacksparrow/safe-eval/issues/35

Sandbox Escape Bug · Issue #35 · hacksparrow/safe-eval · GitHub
Exploit;Issue Tracking;Third Party Advisory
https://github.com/hacksparrow/safe-eval/issues/34

Sandbox Escape Bug · Issue #34 · hacksparrow/safe-eval · GitHub
Exploit;Issue Tracking;Third Party Advisory
https://github.com/hacksparrow/safe-eval/issues/27

Sandbox Escape · Issue #27 · hacksparrow/safe-eval · GitHub
Exploit;Issue Tracking;Third Party Advisory
https://github.com/hacksparrow/safe-eval/issues/31

Sandbox Escape Bug · Issue #31 · hacksparrow/safe-eval · GitHub
Exploit;Issue Tracking;Third Party Advisory
https://github.com/hacksparrow/safe-eval/issues/33

Sandbox Escape Bug · Issue #33 · hacksparrow/safe-eval · GitHub
Exploit;Issue Tracking;Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-26122

Products affected by CVE-2023-26122

Exploit prediction scoring system (EPSS) score for CVE-2023-26122

CVSS scores for CVE-2023-26122

CWE ids for CVE-2023-26122

References for CVE-2023-26122