Property
Language: javascript
Severity: low
CWE: CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP: A03:2021 - Injection
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The code uses eval(), which executes code constructed as a string. If any part of this string can be influenced by user input or external sources, attackers may run malicious code within your application.
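
The following is an added example, not part of the original rule page: two typical eval() patterns this finding covers, each next to an eval-free replacement. The function names, the `settings` object and the input strings are constructed for illustration.

```javascript
// Added example: all names, the settings object and inputs are constructed.
const settings = { theme: { color: "blue" }, pageSize: 20 };

// VULNERABLE: "parses" an object literal by evaluating it as code.
function parseUnsafe(text) {
  return eval("(" + text + ")");
}

// Hardened: JSON.parse accepts data only and never executes it.
function parseSafe(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, value: undefined };
  }
}

// VULNERABLE: builds a property access from a caller-supplied path.
function getUnsafe(path) {
  return eval("settings." + path);
}

// Hardened: validate the path shape, then walk own properties only.
function getSafe(path) {
  if (typeof path !== "string" || !/^[A-Za-z_]\w*(\.[A-Za-z_]\w*)*$/.test(path)) return undefined;
  let node = settings;
  for (const key of path.split(".")) {
    const own = node !== null && typeof node === "object" &&
      Object.prototype.hasOwnProperty.call(node, key);
    if (!own) return undefined;
    node = node[key];
  }
  return node;
}

// Constructed inputs: valid JavaScript expressions, but not valid data.
function demo() {
  const body = '{"a": (globalThis.evalRan = "body", 1)}';
  const path = 'pageSize, (globalThis.evalRan = "path")';
  globalThis.evalRan = null;
  const results = { safeParseOk: parseSafe(body).ok, safeGet: getSafe(path) };
  results.ranAfterSafe = globalThis.evalRan;        // null: nothing executed
  parseUnsafe(body);
  results.ranAfterUnsafeParse = globalThis.evalRan; // "body": input ran as code
  getUnsafe(path);
  results.ranAfterUnsafeGet = globalThis.evalRan;   // "path": input ran as code
  return results;
}
console.log(demo());
```

The hardened versions treat the input strictly as data, so the same strings that execute under eval() are rejected instead.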

Impact

Exploiting this issue could allow attackers to execute arbitrary JavaScript in your app, leading to data theft, site defacement, or full system compromise. This can result in loss of user trust, data breaches, and potential legal consequences.