Description
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution.
Remediation
References
https://snyk.io/vuln/SNYK-JS-ACCESSPOLICY-571490
Related Vulnerabilities
CVE-2022-22963 Vulnerability in maven package org.springframework.cloud:spring-cloud-function-core
CVE-2023-34613 Vulnerability in maven package net.sf.sojo:sojo
CVE-2020-7709 Vulnerability in npm package json-pointer
CVE-2023-28628 Vulnerability in maven package lambdaisland:uri
CVE-2023-46998 Vulnerability in maven package org.webjars.bowergithub.makeusabrew:bootbox