Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Question

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

hoha666 opened this issue 7 months ago · comments

there is some kind of very high flaw about eval injection, found be Veracode on 6.14.3

is it possible to give me a workaround ?

Todd Brannam · Answer 1 · Wed Jan 17 2024 10:02:24 GMT+0800 (China Standard Time)

This is key to dynamically importing code in Node. In the future I could see using Node's experimental VM loader or a custom loader. But that's not yet marked as stable.