You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,9 @@
4
4
5
5
`safe-eval``0.3.0` and below are affected by a sandbox breakout vulnerability - [NSP 337](https://nodesecurity.io/advisories/337), [CVE-2017-16088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16088).
6
6
7
-
Version `0.4.0` fixes this vulnerability. It is highly recommended to upgrade to the latest version if you are using `safe-eval` for executing code not generated by yourself. Thanks @kauegimenes for the patch.
7
+
Version `0.4.0` fixes this vulnerability. It is highly recommended to upgrade to the latest version if you are using `safe-eval` for executing code not generated by yourself. Thanks [@kauegimenes](https://github.com/kauegimenes) for the patch.
8
+
9
+
_UPDATE 27/08/2018:_ There are still ways to crash the Node process, please use `safe-eval` only with content created by yourself or from trusted sources. User-submitted data should not be run through `safe-eval`. Thanks [@cpcallen](https://github.com/cpcallen) for the report.
0 commit comments