Dangerous `eval` function #47

lidzhigaryaev · 2024-06-26T15:22:22Z

We're using OWASP ZAP pentests in our project and it recently gave us an alert saying that we use a dangerous eval JS function pointing to code in our bundle which leads to your library

Description	A dangerous JS function seems to be in use that would leave the site vulnerable.
URL	https://projectname/static/js/main.a2a68484.js
Evidence	eval
Solution	See the references for security advice on the use of these functions.
Tags	WSTG-v42-CLNT-02 OWASP_2021_A04
CWE Id	749
Plugin Id	10110

Is there anything we can do about it? Thanks!

The text was updated successfully, but these errors were encountered:

YYsuni · 2024-07-01T08:59:18Z

eval function is the easiest way for implementing the edit mode. I might be able to replace it with a more secure sdk.

YYsuni · 2024-07-25T02:47:12Z

New canary released, eval has been replaced by JSON.parse.

YYsuni/react18-json-view#47

lidzhigaryaev changed the title ~~Dangerous eval function~~ Dangerous eval function Jun 26, 2024

blyme added a commit to blyme/jsonafy that referenced this issue Aug 10, 2024

Use react18-json-view@canary

e4e28ee

YYsuni/react18-json-view#47

blyme added a commit to blyme/jsonafy that referenced this issue Aug 10, 2024

Use react18-json-view@canary

aef0f0a

YYsuni/react18-json-view#47

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dangerous `eval` function #47

Dangerous `eval` function #47

lidzhigaryaev commented Jun 26, 2024

YYsuni commented Jul 1, 2024

YYsuni commented Jul 25, 2024

Dangerous eval function #47

Dangerous eval function #47

Comments

lidzhigaryaev commented Jun 26, 2024

YYsuni commented Jul 1, 2024

YYsuni commented Jul 25, 2024

Dangerous `eval` function #47

Dangerous `eval` function #47