0.002 Low
EPSS
Percentile
53.2%
jsen is vulnerable to remote code execution (RCE). Lack of sanitization of the required field of the schema allows an attacker to inject and execute malicious javascript code via Function.apply(); .
required
Function.apply();
github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875
github.com/bugventure/jsen/blob/v0.6.6/lib/jsen.js#L875