Name of the Vulnerable Software and Affected Versions safe-eval versions all

Description The issue allows for Sandbox Escape, leading to Remote Code Execution. It can be exploited using a payload that chains a function's callee and caller constructors to escape the sandbox and execute arbitrary code. For instance, a payload can be used to print the current working directory to the console by leveraging the child process module.

Recommendations For all versions, consider using an alternative package until a fix is made available. As a temporary workaround, consider avoiding the use of the safe-eval package to minimize the risk of exploitation.