Name of the Vulnerable Software and Affected Versions static-eval versions prior to 2.0.2

Description The issue allows arbitrary code execution when untrusted user input is parsed via the package, as it passes the input directly to the global function constructor. This can be exploited when user input is evaluated, potentially leading to malicious actions.

Recommendations Upgrade to version 2.0.2 or later.