CVE-2020-7710

Name of the Vulnerable Software and Affected Versions safe-eval versions all

Description The issue allows an attacker to run arbitrary commands on the host machine due to a lack of restriction on access to the main context through Error objects. This can lead to Remote Code Execution. An example exploit involves evaluating a payload that manipulates the Error object's prototype and stack property to execute arbitrary code, such as printing the contents of process.env.

Recommendations For all versions of safe-eval, consider using an alternative package until a fix is made available. As a temporary workaround, consider restricting or disabling the use of the safe-eval package to minimize the risk of exploitation.