1118:eslint-utils:Arbitrary Code Execution

No CVE
CWE CWE-94
References: - [ESLint release](https://eslint.org/blog/2019/08/eslint-v6.2.1-released)
- [eslint-utils advisory](https://github.com/mysticatea/eslint-utils/security/advisories/GHSA-3gx7-xhv7-5mx3)
Versions of `eslint-utils` >=1.2.0 or <1.4.1 are vulnerable to Arbitrary Code Execution. The `getStaticValue` does not properly sanitize user input allowing attackers to supply malicious input that executes arbitrary code during the linting process. The `getStringIfConstant` and `getPropertyName` functions are not affected.
@heapwolf @datcxx 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

1118:eslint-utils:Arbitrary Code Execution #4

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

1118:eslint-utils:Arbitrary Code Execution #4

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions