SAST scanner triggers CWE-95 vuln finding in partytown-ww-atomics.js
bretlowery opened this issue
Bret Lowery commented
Describe the bug
Some of our teams are using Partytown, and they are getting CWE-95 vulns triggered from SAST/DAST scans with a "Very High" severity rating on this call:
new Function(scriptContent).call(env.$window$);
in partytown-ww-atomics.js
I am unable to provide further details such as the vendor names of the security tools we use, but multiple scanners over several vendors are reporting this.
Reproduction
n/a
Steps to reproduce
Would require a SAST scan of code using the .js
Browser Info
n/a
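
As an added illustration (not part of the original issue, and not any scanner vendor's rule), the sketch below shows the kind of pattern a SAST rule for CWE-95 applies and why the quoted call is reported: its argument is a variable, so the code being compiled cannot be determined statically. The function names, the "constant"/"dynamic" labels and the sample input are assumptions made for this example.

```javascript
// Added illustration of a pattern-based CWE-95 check; not a vendor's actual rule.
// Sinks that compile a string into code at run time.
const SINK = /\b(new\s+Function|eval)\s*\(/g;
// An argument list made only of quoted string literals (no variables, no concatenation).
const ONLY_LITERALS = /^(?:\s*(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')\s*(?:,|$))*$/;

// Return the argument text from `start` (just past the opening "(") to the matching ")".
// Quotes are tracked so a ")" inside a string does not end the call.
// Limitation: comments, regex literals and nested template literals are not parsed.
function argumentList(src, start) {
  let depth = 0, quote = null;
  for (let i = start; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      if (c === "\\") i++;                 // skip the escaped character
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === "`") quote = c;
    else if (c === "(") depth++;
    else if (c === ")") {
      if (depth === 0) return src.slice(start, i).trim();
      depth--;
    }
  }
  return src.slice(start).trim();          // unterminated call: report what is there
}

// Report every sink with its line number and whether its input is statically known.
function scan(src) {
  const findings = [];
  for (const m of src.matchAll(SINK)) {
    const args = argumentList(src, m.index + m[0].length);
    findings.push({
      line: src.slice(0, m.index).split("\n").length,
      sink: m[1].replace(/\s+/g, " "),
      input: ONLY_LITERALS.test(args) ? "constant" : "dynamic",
      args,
    });
  }
  return findings;
}

// Constructed sample; line 2 is the call quoted in the report above.
const SAMPLE = [
  'const add = new Function("a", "b", "return a + b");',
  "new Function(scriptContent).call(env.$window$);",
  'const n = eval("(" + expr + ")");',
].join("\n");

console.log(scan(SAMPLE));
```

A finding marked "dynamic" only says the input is not a literal; deciding whether it is attacker-controlled requires tracing where the value comes from, which a pattern match cannot do.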