CVE-2017-16226

EPSS 3.6%CWE-20

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.

Productos afectados

HackerOne · static-eval node module node module

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/substack/static-eval/pull/18 https://maustin.net/articles/2017-10/static_eval https://nodesecurity.io/advisories/548