Описание
Improper Control of Dynamically-Managed Code Resources in config-shield
scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data.
Пакеты
Наименование
config-shield
npm
Затронутые версииВерсия исправления
< 0.2.3
0.2.3
Связанные уязвимости
CVSS3: 5.3
nvd
около 5 лет назад
scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data