constantinople@3.0.2

Vulnerabilities 1 via 1 paths
Dependencies 1
Source npm

high severity

Sandbox Bypass

  • Vulnerable module: constantinople
  • Introduced through: constantinople@3.0.2

Detailed paths

  • Introduced through: constantinople@3.0.2
    Remediation: Upgrade to constantinople@3.1.1.

Overview

constantinople determines whether a JavaScript expression evaluates to a constant (using acorn).

Affected versions of this package are vulnerable to a sandbox bypass which can lead to arbitrary code execution.

Remediation

Upgrade constantinople to version 3.1.1 or higher.
