CVE-2023-26122
Sandbox Bypass vulnerability in safe-eval (npm)

Sandbox Bypass | No known exploit

What is CVE-2023-26122 About?

This vulnerability is a Sandbox Bypass in the 'safe-eval' package, stemming from improper input sanitization and prototype pollution. It can lead to remote code execution (RCE) if exploited. Exploitation is made easier by the ability to manipulate core JavaScript objects.

Affected Software

safe-eval <=0.4.2

Technical Details

The vulnerability arises in the 'safe-eval' package due to inadequate sanitization of input, which enables prototype pollution. Attackers can leverage specific vulnerable functions such as __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), and valueOf() to manipulate core JavaScript object prototypes. By injecting malicious properties or modifying existing ones in a prototype, an attacker can bypass the sandbox's restrictions and execute arbitrary code outside of the intended secure environment, ultimately leading to Remote Code Execution.

What is the Impact of CVE-2023-26122?

Successful exploitation may allow attackers to execute arbitrary code outside the sandbox environment, potentially leading to full system compromise, data theft, or denial of service.

What is the Exploitability of CVE-2023-26122?

Exploitation of this Sandbox Bypass vulnerability typically requires crafting a malicious input that can traverse or manipulate the JavaScript prototype chain. The complexity is moderate, as it involves understanding the specific mechanisms of prototype pollution within the 'safe-eval' context. No specific authentication is required if the attacker can submit arbitrary input to the vulnerable function. Local or remote access depends on how the 'safe-eval' function is exposed; if it processes user-controlled input from a network service, it becomes remotely exploitable. The vulnerability is tied to how the application uses the 'safe-eval' package and processes untrusted input, increasing the likelihood of exploitation if inputs are not properly validated.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2023-26122?

Available Upgrade Options

  • No fixes available
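
Because the page lists no fixed version, a first defensive step is to find every installed copy of safe-eval, including transitive ones. The following added example (not code from this page or from the safe-eval project) scans a parsed package-lock.json for versions in the affected range; the sample lockfile and the package names report-tool and @example/safe-eval are constructed.

```javascript
// Added example: inventory check for the advisory above (not code from safe-eval).
const PACKAGE = 'safe-eval';      // package named in the advisory
const LAST_AFFECTED = [0, 4, 2];  // advisory range: <=0.4.2

function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return true; // git URL or tag instead of a version: flag for review
  const v = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_AFFECTED[i]) return v[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 0.4.2
}

// Find every installed copy in a parsed package-lock.json: lockfile v2/v3
// ("packages" keyed by install path) and v1 (nested "dependencies").
function findSafeEval(lock) {
  const hits = new Map(); // keyed by install path so v2 files are not double-counted
  const record = (path, meta) =>
    hits.set(path, { path, version: meta.version, affected: isAffected(meta.version) });
  const suffix = 'node_modules/' + PACKAGE;
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === suffix || path.endsWith('/' + suffix)) record(path, meta);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + name;
      if (name === PACKAGE) record(path, meta);
      walk(meta.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return [...hits.values()];
}

// Constructed sample lockfile; "report-tool" and "@example" are made-up names.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    'node_modules/report-tool': { version: '2.1.0' },
    'node_modules/report-tool/node_modules/safe-eval': { version: '0.4.1' },
    'node_modules/@example/safe-eval': { version: '1.0.0' },
  },
};

for (const hit of findSafeEval(SAMPLE_LOCK)) {
  console.log(`${hit.affected ? 'AFFECTED' : 'ok'} ${hit.path}@${hit.version}`);
}
```

To run it against a real project, pass the result of JSON.parse on the project's package-lock.json to findSafeEval in place of SAMPLE_LOCK.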

Additional Resources

What are Similar Vulnerabilities to CVE-2023-26122?

Similar Vulnerabilities: CVE-2020-28283, CVE-2021-23337, CVE-2020-28281, CVE-2020-7798, CVE-2020-7711