The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| expr-eval(npm) | 0 | N/A | N/A |
| expr-eval-fork(npm) | 0 | 3.0.1 | N/A |
CVSS Metrics
