PT-2019-20060 · Npm · Mobile-Icon-Resizer

Published

2019-06-27

·

Updated

2019-06-27

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

mobile-icon-resizer versions prior to 0.4.3

Description

The issue is a code execution vulnerability: mobile-icon-resizer passes the ratio and baseRatio configuration values directly to eval(), so arbitrary JavaScript placed in those fields is executed. The vulnerability is triggered through a specially crafted config.js file (the file that defines the resulting icons), for example by manipulating the baseRatio or ratio properties in its android section.

Recommendations

Update to version 0.4.3 or later. As a temporary workaround, restrict the use of the ratio and baseRatio properties in config.js to minimize the risk of exploitation, and do not pass untrusted input to eval() until the issue is resolved.
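The fix class the advisory points to is to stop evaluating configuration values as code and instead validate them as data. The following is an added illustration, not code from mobile-icon-resizer or its fix: a strict parser that accepts a ratio only as a positive number or an "a/b" fraction string and rejects everything else. The config layout used here ({ android: { baseRatio, icons: [{ name, ratio }] } }), the function names and the sample values are assumptions for illustration; the real project's layout may differ.

```javascript
// Added example, not code from mobile-icon-resizer: validate the ratio and
// baseRatio fields of a config.js without eval(). The config layout
// ({ android: { baseRatio, icons: [{ name, ratio }] } }), the function names
// and the sample values are assumptions for illustration.

// Accept a plain number, or a string holding a number or an "a/b" fraction.
const NUMBER_RE = /^\s*\d+(?:\.\d+)?\s*$/;
const FRACTION_RE = /^\s*(\d+(?:\.\d+)?)\s*\/\s*(\d+(?:\.\d+)?)\s*$/;

function parseRatio(value, field) {
  // The vulnerable pattern this replaces is, in effect:  const r = eval(value);
  // which runs any JavaScript expression found in the config with the tool's
  // privileges. Here the value is treated strictly as data.
  if (typeof value === 'number') {
    if (!Number.isFinite(value) || value <= 0) {
      throw new RangeError(`${field}: ratio must be a finite positive number`);
    }
    return value;
  }
  if (typeof value === 'string') {
    if (NUMBER_RE.test(value)) {
      return parseRatio(Number(value), field);
    }
    const m = FRACTION_RE.exec(value);
    if (m) {
      const denominator = Number(m[2]);
      if (denominator === 0) {
        throw new RangeError(`${field}: fraction denominator must not be zero`);
      }
      return parseRatio(Number(m[1]) / denominator, field);
    }
  }
  throw new TypeError(
    `${field}: expected a positive number or an "a/b" fraction, got ${JSON.stringify(value)}`
  );
}

// Walk one platform section and return a copy with every ratio resolved to a number.
function resolvePlatformRatios(section, platform) {
  const baseRatio =
    section.baseRatio === undefined ? 1 : parseRatio(section.baseRatio, `${platform}.baseRatio`);
  const icons = (section.icons || []).map((icon, i) => ({
    name: icon.name,
    ratio: parseRatio(icon.ratio, `${platform}.icons[${i}].ratio`),
  }));
  return { baseRatio, icons };
}

// Compute the pixel size of each icon from a base size, once the ratios are validated.
function iconSizes(section, platform, baseSize) {
  const resolved = resolvePlatformRatios(section, platform);
  return resolved.icons.map((icon) => ({
    name: icon.name,
    size: Math.round(baseSize * resolved.baseRatio * icon.ratio),
  }));
}

// Non-throwing wrapper for callers that want to report the offending field.
function tryResolve(section, platform) {
  try {
    return { ok: true, value: resolvePlatformRatios(section, platform) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed sample config: well-formed numbers and fraction strings.
const goodConfig = {
  android: {
    baseRatio: '3/4',
    icons: [
      { name: 'mdpi', ratio: 1 },
      { name: 'hdpi', ratio: '1.5' },
      { name: 'xhdpi', ratio: '2/1' },
    ],
  },
};

// Constructed sample with a non-numeric expression in baseRatio. eval() would
// happily evaluate it; the strict parser refuses it before any size is computed.
const badConfig = { android: { baseRatio: 'Math.max(1, 2)', icons: [] } };

if (typeof require !== 'undefined' && require.main === module) {
  console.log(iconSizes(goodConfig.android, 'android', 96));
  console.log(tryResolve(badConfig.android, 'android'));
}
```

The point of the two regular expressions is that they define the complete grammar of an acceptable value; anything outside that grammar is an error, not something to be interpreted. The same validation belongs at every place a config value is consumed, since a config.js is executable JavaScript and its contents should be treated as untrusted input by any tool that loads it.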

Fix

Code Injection


Weakness Enumeration

Related Identifiers

GHSA-MXJR-XMCG-FG7W

Affected Products

Mobile-Icon-Resizer