Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution
Vulnerability Description
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the Object.prototype.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
safe-eval 安全漏洞
Vulnerability Description
safe-eval是Hage Yaapa个人开发者的一个 eval() 函数的更安全的版本。 safe-eval存在安全漏洞,该漏洞源于容易受到原型污染的影响,这允许攻击者在使用函数safeEval时可以添加或修改Object.prototype.Consolidate的属性。
CVSS Information
N/A
Vulnerability Type
N/A