Description
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.0.0
References
Related Issues
- Code Injection in cryo - CVE-2018-3784
- openssl.js is malware - CVE-2017-16065
- Open Redirect in urijs - CVE-2022-0868
- Code Injection in jsen - CVE-2020-7777
- Tags:
- npm
- mosc
Anything's wrong? Let us know Last updated on February 01, 2023