The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| static-eval(npm) | 0 | 2.0.0 | N/A |
CVSS Metrics
