CVE-2017-16226

EPSS 3.6%CWE-20

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.

Produtos afetados

HackerOne · static-eval node module node module

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/substack/static-eval/pull/18 https://maustin.net/articles/2017-10/static_eval https://nodesecurity.io/advisories/548