Critical severity9.8NVD Advisory· Published Jun 7, 2018· Updated Jun 17, 2026
CVE-2017-16226
CVE-2017-16226
Description
The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
static-evalnpm | < 2.0.0 | 2.0.0 |
Affected products
2- Range: <=1.1.1
Patches
Vulnerability mechanics
References
6- github.com/substack/static-eval/pull/18nvdPatchThird Party AdvisoryWEB
- nodesecurity.io/advisories/548nvdExploitThird Party Advisory
- github.com/advisories/GHSA-5mjw-6jrh-hvfqghsaADVISORY
- maustin.net/articles/2017-10/static_evalnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-16226ghsaADVISORY
- www.npmjs.com/advisories/548ghsaWEB
News mentions
0No linked articles in our index yet.