Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-26121

CVSS 7.5 · High EPSS 0.35% · P57
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-26121

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1321
Source: NVD (National Vulnerability Database)
Vulnerability Title
safe-eval 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
safe-eval是Hage Yaapa个人开发者的一个 eval() 函数的更安全的版本。 safe-eval存在安全漏洞,该漏洞源于对safeEval函数的参数清理不正确,从而导致原型污染。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-safe-eval 0 ~ * -

II. Public POCs for CVE-2023-26121

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-26121

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-04-11 · 44 CVEs total

CVE-2023-261228.8 HIGHsafe-eval 安全漏洞
CVE-2023-26964hyper 安全漏洞
CVE-2023-26847OpenCats 跨站脚本漏洞
CVE-2023-26917libyang 代码问题漏洞
CVE-2023-27179GDidees CMS 代码问题漏洞
CVE-2023-27645POWERAMP 安全漏洞
CVE-2023-28340Zoho ManageEngine Applications Manager 代码问题漏洞
CVE-2023-28341Zoho ManageEngine Applications Manager 跨站脚本漏洞
CVE-2023-29492Novi Survey 代码注入漏洞
CVE-2023-29576Bento4 缓冲区错误漏洞
CVE-2023-27192DUALSPACE Super Secuirty 安全漏洞
CVE-2023-26846OpenCats 跨站脚本漏洞
CVE-2023-26845OpenCats 跨站请求伪造漏洞
CVE-2023-26554NTP 缓冲区错误漏洞
CVE-2023-26553NTP 缓冲区错误漏洞
CVE-2023-26552NTP 缓冲区错误漏洞
CVE-2023-26551NTP 缓冲区错误漏洞
CVE-2023-26260Oxid Esales OXID eShop 安全漏洞
CVE-2023-25415ATEN International PE8108 安全漏洞
CVE-2023-25414ATEN International PE8108 安全漏洞

Showing top 20 of 44 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: safe-eval
Same vendor: n/a
Same weakness: CWE-1321

V. Comments for CVE-2023-26121

No comments yet

Leave a comment