Description
The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
Remediation
References
https://github.com/substack/static-eval/pull/18
https://maustin.net/articles/2017-10/static_eval
https://nodesecurity.io/advisories/548
Related Vulnerabilities
CVE-2021-21266 Vulnerability in maven package org.openhab.addons.bundles:org.openhab.binding.sonos
CVE-2023-50730 Vulnerability in maven package org.typelevel:grackle-core_sjs1_2.13
CVE-2018-1002201 Vulnerability in maven package org.zeroturnaround:zt-zip
CVE-2019-17573 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http