CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-16088

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1140%
EPSS Percentile35.01th
Published2018年6月7日
Last Modified2024年11月21日

Vulnerability Description

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

Affected Platforms (CPE)

📦
Safe Eval Project

Safe Eval

= 0.0.0
📦
Safe Eval Project

Safe Eval

= 0.1.0
📦
Safe Eval Project

Safe Eval

= 0.2.0
📦
Safe Eval Project

Safe Eval

= 0.3.0

References & Advisories

🔗 https://github.com/hacksparrow/safe-eval/issues/5
🔗 https://github.com/patriksimek/vm2/issues/59
🔗 https://nodesecurity.io/advisories/337
🔗 https://github.com/hacksparrow/safe-eval/issues/5
🔗 https://github.com/patriksimek/vm2/issues/59
🔗 https://nodesecurity.io/advisories/337

関連する脆弱性情報

CVE-2021-400849.8

opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it al...

CVE-2014-46579.8

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execut...

CVE-2014-46789.8

The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execut...

CVE-2014-66338.8

The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x...