Npm · Safe-Eval · CVE-2019-10759
**Name of the Vulnerable Software and Affected Versions**
safer-eval versions prior to 1.3.4
**Description**
The issue allows arbitrary code execution through a sandbox escape. Code evaluated inside the sandbox can use constructor properties to escape it and then execute arbitrary code. For example, evaluating the string `console.constructor.constructor('return process')().env` can print `process.env` to the console.
**Recommendations**
Upgrade to version 1.3.4 or later.