cvedb.io
CVE-2023-26122
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2023-04-11T05:15:07.180 · Last modified 2026-06-17T05:42:43.610

Summary

All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). **Vulnerable functions:** __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().

Affected products

safe-eval_project — safe-eval

Does this affect you?

Add your gear to cvedb and we'll alert you only when safe-eval_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.