Description
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 2.7.26
References
Related Issues
- @hpke/core reuses AEAD nonces - CVE-2025-64767
- Spoofing attack in swagger-ui - CVE-2018-25031
- MailDev Remote Code Execution - CVE-2024-27448
- vxe-table prototype pollution - CVE-2024-57080
- Tags:
- npm
- cd-messenger
Anything's wrong? Let us know Last updated on February 01, 2023