eval() function to evaluate the "if" statement conditions. The input to the function is sanitized by escaping all potentially dangerous characters.
However, if the variable passed in is an array, no escaping is applied, exposing an easy path to code injection. The risk of exploit is especially high given the fact
koa and many other Node.js servers allow users to force a query parameter to be an array using the
dustjs-linkedin to version 2.6.0 or higher.
- Michael Stepankin
- Snyk ID
- 09 Jan, 2015
- 14 Sep, 2016