Code injection in nobelprizeparser · GHSA-4wv4-mgfq-598v · GitHub Advisory Database · GitHub

Code injection in nobelprizeparser

Critical severity GitHub Reviewed Published Feb 23, 2021 in AnneTheDev/nobelprize • Updated Jan 9, 2023

Package

nobelprizeparser (npm)

Affected versions

< 1.0.2

Patched versions

1.0.2

Description

Code injection through use of eval.

References

AnneTheDev published to AnneTheDev/nobelprize

Feb 23, 2021

Reviewed Mar 12, 2021

Published to the GitHub Advisory Database Mar 12, 2021

Last updated Jan 9, 2023