CyberSec.Space Logo
Back to CVE Browser

CVE-2017-16088

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1140%
EPSS Percentile35.01th
PublishedJun 7, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

Affected Platforms (CPE)

πŸ“¦
Safe Eval Project

Safe Eval

= 0.0.0
πŸ“¦
Safe Eval Project

Safe Eval

= 0.1.0
πŸ“¦
Safe Eval Project

Safe Eval

= 0.2.0
πŸ“¦
Safe Eval Project

Safe Eval

= 0.3.0

References & Advisories

πŸ”— https://github.com/hacksparrow/safe-eval/issues/5
πŸ”— https://github.com/patriksimek/vm2/issues/59
πŸ”— https://nodesecurity.io/advisories/337
πŸ”— https://github.com/hacksparrow/safe-eval/issues/5
πŸ”— https://github.com/patriksimek/vm2/issues/59
πŸ”— https://nodesecurity.io/advisories/337

Related Vulnerabilities

CVE-2021-400849.8

opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it al...

CVE-2014-46579.8

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execut...

CVE-2014-46789.8

The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execut...

CVE-2014-66338.8

The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x...