Hundan2020

#26431 of 53,633
9.8 Total CVSS
Vulnerabilities · 1
PT-2019-13058
9.8
2019-06-26
Fehelper · Fehelper · CVE-2019-12966
**Name of the Vulnerable Software and Affected Versions**

FeHelper versions prior to 2019-06-20

**Description**

The issue allows arbitrary code execution during a JSON format operation. This can be demonstrated by the input `{"a":(function(){confirm(1)})()}`.

**Recommendations**

For FeHelper versions prior to 2019-06-20, update to a version released after 2019-06-19 to resolve the issue. As a temporary workaround, consider restricting JSON format operations to minimize the risk of exploitation.