Description

In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code.

Remediation

References

https://github.com/mysticatea/eslint-utils/security/advisories/GHSA-3gx7-xhv7-5mx3

Related Vulnerabilities

CVE-2016-1000232 Vulnerability in maven package org.webjars.npm:tough-cookie

CVE-2018-3750 Vulnerability in maven package org.webjars.npm:deep-extend

CVE-2019-10403 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-23262 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2022-0272 Vulnerability in maven package io.gitlab.arturbosch.detekt:detekt-core

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory NVD-CWE-noinfo