CRITICAL 9.8
GHSA-fw2f-7f87-5r6c
Improper Input Validation in access-policy
Details
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution.
Are you affected?
Enter the version of the package you're using.
Affected packages
npm / access-policy
Introduced in:
0 No fixed version published yet for access-policy (npm). Pin to a known-safe version or switch to an alternative.