EPSS
Percentile
93.7%
node-extend is vulnerable to arbitrary code execution. Untrusted user input as argument A to the function(A,B,as,isAargs) in lib/extend.js is passed to the eval function without validation, allowing an attacker to execute arbitrary code.
A
function(A,B,as,isAargs)
lib/extend.js
www.npmjs.com/package/node-extend