Prototype Pollution in Safe-eval_project Safe-eval
CVE-2022-25904
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variabl…
Vulnerability class: Prototype Pollution
EPSS: 0.009 (54.7th percentile).
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Safe-eval_project Safe-eval
- N/a Safe-eval — versions 0
Weakness classification (CWE)
References
- report@snyk.io (Exploit, Third Party Advisory, Issue Tracking)
Frequently asked questions
- What is CVE-2022-25904?
  CVE-2022-25904 is a high-severity vulnerability in Safe-eval_project Safe-eval, classified under Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution). CVSS score: 7.5/10. Published 2022-12-20.
- How severe is CVE-2022-25904?
  High severity. CVSS v3 base score is 7.5 out of 10.