CVE-2023-26122

CRITICAL Year: 2023
CVSS v3 Score
10.0
Critical
Weakness Type
CWE-265
View all →

Vulnerability Description

All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). **Vulnerable functions:** __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().

Related Vulnerabilities

CVE-2020-1889

CRITICAL
CVSS:10.0(Critical)

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution v...

CWE-2652020

CVE-2023-5223

CRITICAL
CVSS:9.9(Critical)

A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to...

CWE-2652023

CVE-2020-1889

CRITICAL
CVSS:10.0(Critical)

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution v...

CWE-2652020

CVE-2023-5223

CRITICAL
CVSS:9.9(Critical)

A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to...

CWE-2652023

CVE-2024-2007

MEDIUM
CVSS:5.3(Medium)

A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads...

CWE-2652024