CVE-2019-10760 PoC — safer-eval 代码注入漏洞

Source

https://github.com/lirantal/safer-eval-cve-CVE-2019-10760

Associated Vulnerability

Title:safer-eval 代码注入漏洞 (CVE-2019-10760)
Description:safer-eval是一款运行在node和浏览器中的安全评估模块。 safer-eval 1.3.2之前版本中存在代码注入漏洞。该漏洞源于外部输入数据构造代码段的过程中，网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞生成非法的代码段，修改网络系统或组件的预期的执行控制流。

Description

Publicly disclosed Proof-of-Concept (POC) exploit for the safer-eval@1.3.1 version

Readme

# safer-eval-cve-CVE-2019-10760

The following proof-of-concept (POC) exploit addressing `safer-eval` version 1.3.1 and below is the first publicly known payload to attack this version range.

File Snapshot


 [4.0K]  /data/pocs/58a7c5aae52c22fa977539f6028b787aef9844b3
├── [ 301]  index.js
├── [ 295]  package.json
├── [ 995]  package-lock.json
└── [ 193]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!