CVE-2023-26121: safe-eval vulnerable to Prototype Pollution via the safeEval function

April 11, 2023 (updated November 7, 2023)

All versions of the package safe-eval is vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.

References

gist.github.com/seongil-wi/9d9fc0cc5b7b130419cd45827e59c4f9
github.com/advisories/GHSA-hcg3-56jf-x4vh
github.com/hacksparrow/safe-eval/issues/28
nvd.nist.gov/vuln/detail/CVE-2023-26121
security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373062

Detect and mitigate CVE-2023-26121 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →