Skip to content

Unsafe use of eval #2

Description

@cristianstaicu

The use of eval in receiver.js is very dangerous:

var body = eval(req.body);

An attacker may easily pass a malformed request body that would result in command execution. Consider using JSON.parse, ad-hoc validation using regular expressions or a more heavyweight sanitization package like:
https://www.npmjs.com/package/eval-sanitizer

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions