CVE-2017-16226

Vendor: HackerOne
Product: static-eval node module
Weakness: CWE-20 · Input validation
Published: June 7, 2018
Last update: September 16, 2024

What the vulnerability does

01 Description

The static-eval module is intended to evaluate statically analyzable expressions. In affected versions, untrusted user input can reach the global Function constructor, which effectively allows arbitrary code execution.

Key dates

02 Disclosure timeline

June 7, 2018: CVE published
September 16, 2024: Record updated