Description
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution.
Remediation
References
https://snyk.io/vuln/SNYK-JS-ACCESSPOLICY-571490
Related Vulnerabilities
CVE-2021-29481 Vulnerability in maven package io.ratpack:ratpack-session
CVE-2018-19056 Vulnerability in npm package editor.md
CVE-2020-7720 Vulnerability in maven package org.webjars.npm:node-forge
CVE-2022-0084 Vulnerability in maven package org.jboss.xnio:xnio-api
CVE-2022-24847 Vulnerability in maven package org.geoserver.community:gs-taskmanager-core