3 matches found
3d-tiles-tools (>=0.1.0 <=0.1.3), 3m5-coco (>=0.0.2 <=0.0.8) +1132 more potentially affected by CVE-2017-16226 via static-eval (>=0.0.0 <=1.1.1)
static-eval NPM version =0.0.0, =0.1.0, =0.0.2, =0.16.0, =0.0.11, =0.1.27, =0.1.2, =1.0.0, =1.1.3, =3.4.0, =5.1.5 - @arve.knudsen/sheetify-stylus =2.0.0 and more Source cves: CVE-2017-16226 Source advisory: OSV:GHSA-5MJW-6JRH-HVFQ...
CVE-2017-16226
The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution...
CVE-2017-16226
The CVE-2017-16226 issue affects the static-eval module where untrusted input can access the global Function constructor, enabling arbitrary code execution. Exploitation details are present in multiple connected sources (e.g., npm advisory 548 and OSS/GHSA entries) showing that affected versions ...