CVE-2019-15657

Name of the Vulnerable Software and Affected Versions eslint-utils versions 1.2.0 through 1.4.0

Description The issue concerns the execution of arbitrary code due to improper sanitization of user input by the getStaticValue function. This allows attackers to supply malicious input that executes arbitrary code during the linting process. The getStringIfConstant and getPropertyName functions are not affected.

Recommendations Upgrade to version 1.4.1 or later.