Improper Control of Generation of Code ('Code Injection')
All versions of package morgan-json is vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor.
Advisories for Npm/Morgan-Json package
2022