CVE-2017-16226

Summary

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
HackerOnestatic-eval node module node module<=1.1.1affected

Weaknesses

  • CWE-20: Improper Input Validation (CWE-20)

ADP Enrichment

CVE Program Container

Additional References

References