Описание
Sandbox Breakout / Arbitrary Code Execution in value-censorship
All versions of value-censorship are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to validate async function constructors allowing attackers to execute arbitrary code.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
Пакеты
Наименование
value-censorship
npm
Затронутые версииВерсия исправления
Отсутствует