safe-eval
Fixed in
0.3.1
CVE-2017-16088 is a critical vulnerability affecting versions of safe-eval up to 0.3.0. This flaw allows attackers to escape the intended sandbox environment by exploiting object constructors, granting them access to the entire standard library. Successful exploitation can lead to complete compromise of the system. A fix is available in version 0.4.0 and later.
The impact of CVE-2017-16088 is severe. An attacker can leverage this vulnerability to bypass the intended security restrictions of the safe-eval sandbox. By manipulating object constructors with unsanitized user input, they can execute arbitrary code within the Node.js process, effectively gaining full control. This could involve reading sensitive files, modifying system configurations, or even executing malicious commands. The ability to access the entire standard library significantly expands the attack surface, making it a particularly dangerous vulnerability. This is akin to a complete compromise of the application relying on safe-eval for security.
CVE-2017-16088 was publicly disclosed on July 18, 2018. A proof-of-concept (PoC) demonstrating the sandbox escape was also released, making exploitation relatively straightforward. While no active exploitation campaigns have been definitively linked to this CVE, the availability of a PoC increases the risk of opportunistic attacks. The vulnerability is not currently listed on the CISA KEV catalog.
Applications relying on safe-eval for sandboxing user-provided code are at risk. This includes web applications, scripting environments, and any system where user input is evaluated within a restricted context. Specifically, projects using older versions of safe-eval (≤0.3.0) and lacking robust input validation are particularly vulnerable.
• nodejs / server:
ps aux | grep 'safe-eval' | grep -i 'exit()' # Check for processes using safe-eval and potentially executing exit()
• nodejs / server:
npm list safe-eval # Check installed version of safe-eval
• generic web:
Inspect Node.js application code for usage of safe-eval and ensure proper input sanitization.
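The version check above only covers what `npm list` prints for the current tree. The following script is an added example (it is not from the advisory or the safe-eval project) that scans a `package-lock.json` for every copy of safe-eval, direct or transitive, and flags each one whose version falls in the affected range the advisory states (up to and including 0.3.0). The lock-file content embedded in it is constructed for the demonstration, and the script name `scan-safe-eval.js` is an assumption.

```javascript
// Added example: flag safe-eval releases in the advisory's affected range
// (<= 0.3.0) inside a package-lock.json. Not code from the advisory or the
// safe-eval project; the sample lock file below is constructed.
const AFFECTED_PACKAGE = "safe-eval";
const LAST_AFFECTED = "0.3.0"; // advisory: affected up to and including 0.3.0

// Parse "MAJOR.MINOR.PATCH" into numbers; pre-release/build suffixes are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison, so "0.10.0" sorts after "0.9.0"; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  return compareVersions(version, LAST_AFFECTED) <= 0;
}

// Walk both lock-file layouts: lockfileVersion 2/3 keeps a flat "packages" map
// keyed by install path (e.g. "node_modules/safe-eval"); lockfileVersion 1 nests
// "dependencies" objects. Only an exact package name matches, so a scoped or
// look-alike package with "safe-eval" in its name is not reported.
function findSafeEval(lock) {
  const hits = [];
  const record = (path, version) =>
    hits.push({ path, version, affected: isAffected(version) });

  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${AFFECTED_PACKAGE}` ||
          path.endsWith(`/node_modules/${AFFECTED_PACKAGE}`)) {
        record(path, meta.version);
      }
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (name === AFFECTED_PACKAGE) record(path, meta.version);
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample: a direct dependency on an affected release plus a
// transitive copy that is past the affected range.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/safe-eval": { version: "0.3.0" },
    "node_modules/some-plugin": { version: "2.1.0" },
    "node_modules/some-plugin/node_modules/safe-eval": { version: "0.4.0" },
    "node_modules/@scope/safe-eval": { version: "0.1.0" }, // different package, ignored
  },
};

// One human-readable line per copy found.
function report(lock) {
  return findSafeEval(lock).map(h =>
    `${h.path}@${h.version}: ${h.affected ? "AFFECTED (CVE-2017-16088)" : "not in affected range"}`);
}

// Usage: node scan-safe-eval.js [path/to/package-lock.json]; without an argument
// the constructed sample is scanned.
if (typeof require !== "undefined" && typeof module !== "undefined" && require.main === module) {
  const fs = require("fs");
  const lock = process.argv[2]
    ? JSON.parse(fs.readFileSync(process.argv[2], "utf8"))
    : SAMPLE_LOCK;
  console.log(report(lock).join("\n"));
}
```

Run it against a real lock file and treat any line marked AFFECTED as a copy that needs the upgrade the advisory describes; a transitive copy pulled in by another package will not be fixed by bumping your own direct dependency and has to be resolved in that package's dependency tree.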
Exploit Status: disclosure
EPSS: 2.06% (84th percentile)
CVSS Vector:
The primary mitigation for CVE-2017-16088 is to upgrade to safe-eval version 0.4.0 or later, which addresses the sandbox escape vulnerability. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing strict input validation and sanitization to prevent malicious code from being injected into the safe-eval context. While not a complete solution, this can reduce the attack surface. Thoroughly test any configuration changes or workarounds in a non-production environment before deploying them to production. After upgrading, confirm the fix by attempting to execute the provided proof-of-concept code – it should no longer succeed.
No official patch available. Look for alternatives or monitor for updates.
CVE-2017-16088 is a critical vulnerability in safe-eval versions up to 0.3.0 that allows attackers to escape the sandbox by manipulating object constructors, potentially granting full control of the system.
You are affected if you are using safe-eval version 0.3.0 or earlier. Check your project dependencies to determine if you are using a vulnerable version.
Upgrade to safe-eval version 0.4.0 or later to resolve this vulnerability. If upgrading is not immediately possible, implement strict input validation and sanitization.
While no confirmed active exploitation campaigns are publicly known, the availability of a proof-of-concept increases the risk of opportunistic attacks.
Refer to the npm advisory for CVE-2017-16088: https://www.npmjs.com/advisories/795