The npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to the express eval interface can use the JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm package `expr-eval-fork` resolves this issue.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| expr-eval (npm) | 0 | N/A | N/A |
| expr-eval-fork (npm) | 0 | 2.0.2 | N/A |
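
A lockfile check built from the affected ranges in the table above, as an added example that is not part of the original advisory: it flags every `expr-eval` version (no fixed release) and any `expr-eval-fork` below 2.0.2, including nested copies. The function names and the sample lockfile are constructed for illustration, and the comparison assumes plain x.y.z versions.

```javascript
// Advisory ranges from the table above: fixed === null means no fixed release.
const ADVISORY = {
  "expr-eval": { fixed: null },
  "expr-eval-fork": { fixed: "2.0.2" },
};

// Compare x.y.z versions numerically (assumption: pre-release tags are ignored).
function cmp(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

function isAffected(name, version) {
  const rule = ADVISORY[name];
  if (!rule || typeof version !== "string") return false;
  return rule.fixed === null || cmp(version, rule.fixed) < 0;
}

// Walk a parsed package-lock.json: "packages" (v2/v3) or nested "dependencies" (v1).
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || path.split("node_modules/").pop();
    if (isAffected(name, meta.version)) hits.push({ path, name, version: meta.version });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}/${name}`;
      if (isAffected(name, meta.version)) hits.push({ path, name, version: meta.version });
      walk(meta.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/expr-eval": { version: "2.0.2" },
    "node_modules/calc/node_modules/expr-eval-fork": { version: "2.0.1" },
    "node_modules/expr-eval-fork": { version: "2.0.2" },
  },
};
console.log(findAffected(sampleLock));
```

To audit a real project, pass `findAffected` the parsed contents of its `package-lock.json`; a hit on `expr-eval` means moving to `expr-eval-fork` at 2.0.2 or later, since the table lists no fixed release for the original package.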
CVSS Metrics