VYPR

npm package

static-eval

pkg:npm/static-eval

Vulnerabilities (1)

  • CVE-2017-16226CriJun 7, 2018
    affected < 2.0.0fixed 2.0.0

    The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.