Arbitrary Code Execution

2018-05-3103:12:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.015 Low

EPSS

Percentile

87.1%

JSON

static-eval is vulnerable to arbitrary code execution attacks. The vulnerability exists due to a sandbox escape issue where an unsanitized user input can lead to arbitrary code execution.

CPENameOperatorVersion
static-evalle1.1.1
static-evaleq0.2.0

CPE	Name	Operator	Version
	static-eval	le	1.1.1
	static-eval	eq	0.2.0

References

github.com/substack/static-eval/commit/c06f1b8c0a0cd1cc989c025fbb4c5776fc661c2c

github.com/substack/static-eval/issues/4

github.com/substack/static-eval/pull/18

maustin.net/articles/2017-10/static_eval

nodesecurity.io/advisories/548

0.015 Low

EPSS

Percentile

87.1%

JSON

Related for VERACODE:6439