Name of the Vulnerable Software and Affected Versions localeval versions (affected versions not specified)

Description The issue allows for Sandbox Escape leading to Remote Code Execution due to the package's failure to restrict access to the main context through constructor.constructor. This could enable attackers to execute arbitrary code in the system. Evaluating a specific payload, such as constructor.constructor("return process.env")(), can return the contents of process.env.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.