Code Injection
This CVE has been marked as a False Positive and has been removed.
Advisories for Npm/Static-Eval package
2021
2020
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in static-eval.
2018
Improper Input Validation
Untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
2017
Sandbox Breakout / Arbitrary Code Execution
In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.