Prototype Pollution in Safe-eval_project Safe-eval

CVE-2022-25904

All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variabl…

Vulnerability class: Prototype Pollution

EPSS: 0.009 (54.7th percentile)

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Frequently asked questions

What is CVE-2022-25904?
CVE-2022-25904 is a high-severity vulnerability in Safe-eval_project Safe-eval, classified under Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution). CVSS score: 7.5/10. Published 2022-12-20.
How severe is CVE-2022-25904?
High severity. CVSS v3 base score is 7.5 out of 10.