PT-2022-17605 · Unknown · Morgan-Json

Omnitaint · Published 2022-08-29 · Updated 2023-08-08 · CVE-2022-25921

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: morgan-json, all versions

Description: Arbitrary code execution caused by missing sanitization of input passed to the Function constructor. Input that reaches the constructor can be executed as code, with unintended consequences. No information is provided about the estimated number of potentially affected devices worldwide or about real-world incidents in which this issue was exploited.

Recommendations: For all morgan-json versions, consider disabling the use of the Function constructor until a patch is available. Restrict the input passed to this constructor to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
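
One way to apply the "restrict input" recommendation is an allowlist check run on a format definition before it is handed to the library. This is an added example, not code from the advisory or from the morgan-json project; it assumes a format is a string or a flat object of strings built from morgan-style `:token` names, and `checkFormat` and `requireSafeFormat` are hypothetical helper names.

```javascript
// Added example: allowlist check for log format definitions.
// Assumption: a format is a string, or a flat object of strings, made of
// morgan-style tokens such as ":method" or ":res[content-length]".
// Quotes, backslashes, parentheses, backticks, "$", "{", ";" and newlines
// are all outside the allowlist, so they never reach code generation.
const VALUE_RE = /^[A-Za-z0-9 _.:\/\[\]-]{1,200}$/;
const KEY_RE = /^[A-Za-z][A-Za-z0-9_-]{0,63}$/;

// Returns a list of problems; an empty list means the format passed.
function checkFormat(format) {
  if (typeof format === 'string') {
    return VALUE_RE.test(format) ? [] : ['format string has disallowed characters'];
  }
  if (format === null || typeof format !== 'object' || Array.isArray(format)) {
    return ['format must be a string or a plain object'];
  }
  const problems = [];
  const entries = Object.entries(format);
  if (entries.length === 0) problems.push('format object is empty');
  for (const [key, value] of entries) {
    if (!KEY_RE.test(key)) problems.push(`key rejected: ${JSON.stringify(key)}`);
    // Nested objects, numbers and functions are rejected along with bad strings.
    if (typeof value !== 'string' || !VALUE_RE.test(value)) {
      problems.push(`value rejected for key ${JSON.stringify(key)}`);
    }
  }
  return problems;
}

// Fail closed: throw instead of passing a rejected format onward.
function requireSafeFormat(format) {
  const problems = checkFormat(format);
  if (problems.length > 0) {
    throw new TypeError('unsafe log format: ' + problems.join('; '));
  }
  return format;
}

// Constructed sample inputs, for illustration only.
const samples = [
  ':method :url :status',
  { short: ':method :url :status', length: ':res[content-length]' },
  ":method' (x)",
  { 'a"b': ':status' },
];
for (const s of samples) console.log(JSON.stringify(s), '->', checkFormat(s));
```

The check narrows what can reach the Function constructor but does not remove the underlying flaw; keeping format definitions as constants in application code, never derived from request data or user-editable configuration, remains the stronger control.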

Exploit

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2022-25921
GHSA-FWV4-6MXC-X5H3

Affected Products

Morgan-Json