What the vulnerability does

01Description

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

Key dates

02Disclosure timeline

June 7, 2018 CVE published
September 16, 2024 Record updated