On October 10th, 2023, I stumbled upon an arbitrary code execution vulnerability in Babel, which was subsequently assigned the identifier CVE-2023-45133. In this post, I’ll walk you through the journey of discovering and exploiting this intriguing flaw.

Babel's platform is a resource for JavaScript developers, offering insights into JavaScript transpilation, ECMAScript standards, and modern JavaScript features. Through articles, documentation, and plugins, Babel offers insights into transforming JavaScript code to ensure compatibility with older browsers and environments. Developers can learn about using Babel presets, plugins, and configuration options to write modern JavaScript code and support a wide range of platforms.

Babel

A vulnerability in Babel allows for arbitrary code execution, which was assigned the identifier CVE-2023-45133. The proof of concept for the exploit involves using the `evaluate` function in Babel. The vulnerability has been patched by the Babel team.

CVE-2023-45133: Finding an Arbitrary Code Execution Vulnerability In Babel · Babel