EPSS
Percentile
93.7%
access-policy is vulnerable to remote code execution (RCE). The attack is possible because user-provided data is directly executed by the eval in the template function without validation.
eval
github.com/TupleAustin/access-policy/blob/master/lib/encode.js#L6