CVE-2017-16088 - Vulnerability Details

Vendors	Products
Safe-eval Project	Safe-eval

Link	Providers
https://github.com/hacksparrow/safe-eval/issues/5
https://github.com/patriksimek/vm2/issues/59
https://nodesecurity.io/advisories/337

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "safe-eval node module", "vendor": "HackerOne", "versions": [{"status": "affected", "version": "All versions"}]}], "datePublic": "2018-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-610", "description": "Externally Controlled Reference to a Resource in Another Sphere (CWE-610)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-07T01:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/patriksimek/vm2/issues/59"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/hacksparrow/safe-eval/issues/5"}, {"tags": ["x_refsource_MISC"], "url": "https://nodesecurity.io/advisories/337"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "DATE_PUBLIC": "2018-04-26T00:00:00", "ID": "CVE-2017-16088", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "safe-eval node module", "version": {"version_data": [{"version_value": "All versions"}]}}]}, "vendor_name": "HackerOne"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Externally Controlled Reference to a Resource in Another Sphere (CWE-610)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/patriksimek/vm2/issues/59", "refsource": "MISC", "url": "https://github.com/patriksimek/vm2/issues/59"}, {"name": "https://github.com/hacksparrow/safe-eval/issues/5", "refsource": "MISC", "url": "https://github.com/hacksparrow/safe-eval/issues/5"}, {"name": "https://nodesecurity.io/advisories/337", "refsource": "MISC", "url": "https://nodesecurity.io/advisories/337"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:13:07.169Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/patriksimek/vm2/issues/59"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/hacksparrow/safe-eval/issues/5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://nodesecurity.io/advisories/337"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2017-16088", "datePublished": "2018-06-07T02:00:00Z", "dateReserved": "2017-10-29T00:00:00", "dateUpdated": "2024-09-16T16:13:38.445Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : safe-eval node module (string)

vendor : HackerOne (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions (string)

}

]

}

]

datePublic : 2018-04-26T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-610 (string)

description : Externally Controlled Reference to a Resource in Another Sphere (CWE-610) (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-06-07T01:57:01 (string)

orgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

shortName : hackerone (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/patriksimek/vm2/issues/59 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/hacksparrow/safe-eval/issues/5 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://nodesecurity.io/advisories/337 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : support@hackerone.com (string)

DATE_PUBLIC : 2018-04-26T00:00:00 (string)

ID : CVE-2017-16088 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : safe-eval node module (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions (string)

}

]

}

]

}

vendor_name : HackerOne (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Externally Controlled Reference to a Resource in Another Sphere (CWE-610) (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/patriksimek/vm2/issues/59 (string)

refsource : MISC (string)

url : https://github.com/patriksimek/vm2/issues/59 (string)

}

1 : { »

name : https://github.com/hacksparrow/safe-eval/issues/5 (string)

refsource : MISC (string)

url : https://github.com/hacksparrow/safe-eval/issues/5 (string)

}

2 : { »

name : https://nodesecurity.io/advisories/337 (string)

refsource : MISC (string)

url : https://nodesecurity.io/advisories/337 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T20:13:07.169Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/patriksimek/vm2/issues/59 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/hacksparrow/safe-eval/issues/5 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://nodesecurity.io/advisories/337 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

assignerShortName : hackerone (string)

cveId : CVE-2017-16088 (string)

datePublished : 2018-06-07T02:00:00Z (string)

dateReserved : 2017-10-29T00:00:00 (string)

dateUpdated : 2024-09-16T16:13:38.445Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:safe-eval_project:safe-eval:0.0.0:*:*:*:*:node.js:*:*", "matchCriteriaId": "4D79B731-E0EB-45EE-AAE5-67DF7A6C7FAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:safe-eval_project:safe-eval:0.1.0:*:*:*:*:node.js:*:*", "matchCriteriaId": "5C15792D-0910-4081-8862-70FFF06200AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:safe-eval_project:safe-eval:0.2.0:*:*:*:*:node.js:*:*", "matchCriteriaId": "1F446425-972B-4721-A9C5-343B4D0F1935", "vulnerable": true}, {"criteria": "cpe:2.3:a:safe-eval_project:safe-eval:0.3.0:*:*:*:*:node.js:*:*", "matchCriteriaId": "6484CD1E-EE5E-4CEB-AC87-CD05D6FE08F6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox."}, {"lang": "es", "value": "El m\u00f3dulo safe-eval se describe como una versi\u00f3n m\u00e1s segura de eval. Mediante el acceso a los constructores de objeto, las entradas de usuario no saneadas pueden acceder a la totalidad de la biblioteca est\u00e1ndar y salir del sandbox."}], "id": "CVE-2017-16088", "lastModified": "2024-11-21T03:15:47.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-07T02:29:01.643", "references": [{"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://github.com/hacksparrow/safe-eval/issues/5"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://github.com/patriksimek/vm2/issues/59"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://nodesecurity.io/advisories/337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/hacksparrow/safe-eval/issues/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/patriksimek/vm2/issues/59"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://nodesecurity.io/advisories/337"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-610"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:safe-eval_project:safe-eval:0.0.0:*:*:*:*:node.js:*:* (string)

matchCriteriaId : 4D79B731-E0EB-45EE-AAE5-67DF7A6C7FAD (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:safe-eval_project:safe-eval:0.1.0:*:*:*:*:node.js:*:* (string)

matchCriteriaId : 5C15792D-0910-4081-8862-70FFF06200AE (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:safe-eval_project:safe-eval:0.2.0:*:*:*:*:node.js:*:* (string)

matchCriteriaId : 1F446425-972B-4721-A9C5-343B4D0F1935 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:safe-eval_project:safe-eval:0.3.0:*:*:*:*:node.js:*:* (string)

matchCriteriaId : 6484CD1E-EE5E-4CEB-AC87-CD05D6FE08F6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. (string)

}

1 : { »

lang : es (string)

value : El módulo safe-eval se describe como una versión más segura de eval. Mediante el acceso a los constructores de objeto, las entradas de usuario no saneadas pueden acceder a la totalidad de la biblioteca estándar y salir del sandbox. (string)

}

]

id : CVE-2017-16088 (string)

lastModified : 2024-11-21T03:15:47.833 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 10 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-06-07T02:29:01.643 (string)

references : [ »

0 : { »

source : support@hackerone.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/hacksparrow/safe-eval/issues/5 (string)

}

1 : { »

source : support@hackerone.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/patriksimek/vm2/issues/59 (string)

}

2 : { »

source : support@hackerone.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://nodesecurity.io/advisories/337 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/hacksparrow/safe-eval/issues/5 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/patriksimek/vm2/issues/59 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://nodesecurity.io/advisories/337 (string)

}

]

sourceIdentifier : support@hackerone.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-610 (string)

}

]

source : support@hackerone.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object