
Beny Zeltser

#23847 of 53,638
9.9 CVSS total
Vulnerabilities · 1
PT-2019-12032
9.9
2019-10-15
Npm · Safe-Eval · CVE-2019-10759
**Name of the Vulnerable Software and Affected Versions**

safer-eval versions prior to 1.3.4

**Description**

The issue allows for Arbitrary Code Execution through a Sandbox Escape. This can be achieved by using constructor properties to escape the sandbox, enabling the execution of arbitrary code. For example, evaluating the string `console.constructor.constructor('return process')().env` can print `process.env` to the console.

**Recommendations**

Upgrade to version 1.3.4 or later.
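To check a project against the recommendation above, the following added example (not code from the advisory or from the safer-eval project) scans a parsed `package-lock.json` for any installed `safer-eval` copy older than 1.3.4, including copies nested under other dependencies. The function names and the sample lockfiles are constructed for illustration, and treating unparseable version strings as findings is an assumption.

```javascript
// Added example: flag safer-eval installs older than the fixed release 1.3.4.
const PKG = 'safer-eval';
const FIXED = [1, 3, 4]; // first fixed version per the advisory

// Parse "x.y.z[-prerelease]"; returns null for git/tarball specs.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  return m && { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) };
}

function isVulnerable(version) {
  const v = parseVersion(version || '');
  if (!v) return true; // assumption: unparseable versions are flagged for manual review
  for (let i = 0; i < 3; i++) {
    if (v.nums[i] !== FIXED[i]) return v.nums[i] < FIXED[i];
  }
  return v.pre; // a 1.3.4 pre-release sorts before 1.3.4
}

// Accepts a parsed package-lock.json and returns [{ path, version }].
function findVulnerable(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/' + PKG) && isVulnerable(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + 'node_modules/' + name;
      if (name === PKG && isVulnerable(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + '/');
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const sampleLockV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/safer-eval': { version: '1.3.6' },
  'node_modules/report-tool/node_modules/safer-eval': { version: '1.3.3' },
} };
const sampleLockV1 = { lockfileVersion: 1, dependencies: {
  'report-tool': { version: '2.0.0', dependencies: { 'safer-eval': { version: '1.2.0' } } },
} };

console.log(findVulnerable(sampleLockV3), findVulnerable(sampleLockV1));
```

A top-level copy at a fixed version does not clear the project: the nested copy pulled in by another dependency is still reported and still needs the upgrade.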