CVE-2017-16088

Published: 07/06/2018 Updated: 09/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, unsanitized user input can access the entire standard library and effectively break out of the sandbox.

Vulnerable Product

safe-eval project safe-eval 0.3.0

safe-eval project safe-eval 0.0.0

safe-eval project safe-eval 0.2.0

safe-eval project safe-eval 0.1.0

Github Repositories

Exploit CVE-2017-16088

CVE-2017-16088 Exploit CVE-2017-16088 wwwwispwispcom/?p=559

Safer version of eval()

safe-eval

NOTE: safe-eval 0.3.0 and below are affected by a sandbox breakout vulnerability - NSP 337, CVE-2017-16088. Version 0.4.0 fixes this vulnerability. It is highly recommended to upgrade to the latest version if you are using safe-eval for executing code not generated by yourself. Thanks @kauegimenes for the patch. UPDATE 27/08/2018: There are still ways to crash the No