Security
Headlines

Headlines Latest CVEs

Headline

GHSA-33vh-7x8q-mg35: safe-eval vulnerable to Prototype Pollution

All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the Object.prototype.

2 years ago

safe-eval vulnerable to Prototype Pollution

High severity GitHub Reviewed Published Dec 20, 2022 • Updated Dec 20, 2022

Related news

CVE-2022-25904: Prototype pollution in function safeEval in the file index.js · Issue #26 · hacksparrow/safe-eval

All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the Object.prototype.

2 years ago

ghsa: Latest News

GHSA-65gg-3w2w-hr4h: Podman Improper Certificate Validation; machine missing TLS verification

8 hours ago

GHSA-gjv3-89hh-9xq2: RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment

9 hours ago

GHSA-h7qf-qmf3-85qg: Allure Report allows Improper XXE Restriction via DocumentBuilderFactory

16 hours ago

GHSA-pgvc-6h2p-q4f6: Umbraco CMS disclosure of configured password requirements

1 day ago

GHSA-wj44-9vcg-wjq7: Gogs allows deletion of internal files which leads to remote command execution

1 day ago