Description
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `eval` function, resulting in code execution.
Remediation
References
https://snyk.io/vuln/SNYK-JS-NODEEXTEND-571491
Related Vulnerabilities
CVE-2021-26920 Vulnerability in maven package org.apache.druid:druid-core
CVE-2023-37951 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration
CVE-2022-47105 Vulnerability in maven package org.jeecgframework.boot:jeecg-module-system
CVE-2022-0686 Vulnerability in npm package url-parse
CVE-2021-21627 Vulnerability in maven package org.jenkins-ci.plugins:libvirt-slave