expr-eval issues

Report security vulnerability

9

Bypass : https://github.com/silentmatt/expr-eval/pull/288 The patch introduced an "allow-list" security model and an `isAllowedFunc` function to validate callable functions. However, the `isAllowedFunc` function still permits functions that are members of objects...

huydoppaz

Security advisory GHSA-jc85-fpwf-qm7x - request mitigation option to block function calls

4

Hello maintainers and @silentmatt - after the advisory GHSA-jc85-fpwf-qm7x, our builds now fail on audit because expr-eval allows expressions to call any functions passed in via scope. We’re looking for...

notnull-bmiller

Security Patch.

11

Fixes a vulnerability in the `expr-eval` package. We are unable to reach the researcher @silentmatt and @jorenbroekema developers who have their versions in the npmjs repository. Vijay Sarvepalli on behalf...

sei-vsarvepalli

expr-eval
expr-eval copied to clipboard

Metadata

Report security vulnerability

Security advisory GHSA-jc85-fpwf-qm7x - request mitigation option to block function calls

Security Patch.

Revise security policy for supported versions

Fix README example typo

[HELP] How do I property access when the property name have symbol in it?

← Metadata

Owner

Metadata

expr-eval expr-eval copied to clipboard

Metadata

Report security vulnerability

Security advisory GHSA-jc85-fpwf-qm7x - request mitigation option to block function calls

Security Patch.

Revise security policy for supported versions

Fix README example typo

[HELP] How do I property access when the property name have symbol in it?

← Metadata

Owner

Metadata

expr-eval
expr-eval copied to clipboard