7 matches found
JAW - A Graph-based Security Analysis Framework For Client-side JavaScript
An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs. This project is licensed under GNU AFFERO GENERAL PUBLIC LICEN...
Malicious code in esprima-moz (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e97c0fc3d9a47030b3fb578de603464215563116d22feec53bf819938ddc7432 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-8V27-2FG9-7H62 Withdrawn: Arbitrary Code Execution in static-eval
All versions of package static-eval are vulnerable to Arbitrary Code Execution using FunctionExpressions and TemplateLiterals. PoC: var evaluate = require'static-eval'; var parse = require'esprima'.parse; var src="function x return...
Withdrawn: Arbitrary Code Execution in static-eval
All versions of package static-eval are vulnerable to Arbitrary Code Execution using FunctionExpressions and TemplateLiterals. PoC: var evaluate = require'static-eval'; var parse = require'esprima'.parse; var src="function x return...
Sandbox Breakout / Arbitrary Code Execution in static-eval
Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept js var evaluate = require'static-eval'; var parse = require'esprima'.parse; va...
GHSA-5MJW-6JRH-HVFQ Sandbox Breakout / Arbitrary Code Execution in static-eval
Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept js var evaluate = require'static-eval'; var parse = require'esprima'.parse; va...
Sandbox Breakout / Arbitrary Code Execution
Overview Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept var evaluate = require'static-eval'; var parse =...