VDB
KO
CRITICAL 9.8

GHSA-fw2f-7f87-5r6c

Improper Input Validation in access-policy

Details

access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / access-policy
Introduced in: 0

No fixed version published yet for access-policy (npm). Pin to a known-safe version or switch to an alternative.

References