CVE-2017-16226

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.

Date published : 2018-06-06

https://github.com/substack/static-eval/pull/18

https://maustin.net/articles/2017-10/static_eval