Anirudh Anand

**Name of the Vulnerable Software and Affected Versions** safe-eval versions all **Description** The issue allows an attacker to run arbitrary commands on the host machine due to a lack of restriction on access to the main context through Error objects. This can lead to Remote Code Execution. An example exploit involves evaluating a payload that manipulates the Error object's prototype and stack property to execute arbitrary code, such as printing the contents of `process.env`. **Recommendations** For all versions of safe-eval, consider using an alternative package until a fix is made available. As a temporary workaround, consider restricting or disabling the use of the safe-eval package to minimize the risk of exploitation.