Description

In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code.

Remediation

References

https://github.com/mysticatea/eslint-utils/security/advisories/GHSA-3gx7-xhv7-5mx3

Related Vulnerabilities

CVE-2022-36272 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2021-23718 Vulnerability in npm package ssrf-agent

CVE-2018-20222 Vulnerability in maven package org.airsonic.player:airsonic-main

CVE-2023-49280 Vulnerability in maven package org.xwiki.contrib.changerequest:application-changerequest-default

CVE-2020-28478 Vulnerability in npm package gsap

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory NVD-CWE-noinfo