Remote Code Execution possible via eval()-type functions - ghg-cprg

Find more live information in Aikido here: https://app.aikido.dev/repositories/1032950?sidebarIssue=18941048&groupId=39961&sidebarIssueTask=2558353&sidebarTab=tasks


### Scope
These issues affect the following code repository:
- ghg-cprg: [_waste/data_mpca_score_files/libs/htmlwidgets-1.6.4/htmlwidgets.js at line 252](https://github.com/Metropolitan-Council/ghg-cprg/blob/main/_waste/data_mpca_score_files/libs/htmlwidgets-1.6.4/htmlwidgets.js#L252)


### TLDR
Using functions such as eval, but also less obvious functions such as setTimeout, setInterval or 'new Function' can lead to users being able to run their own code on your servers.


### How to fix
If possible, avoid using these functions altogether. If not, use a list of allowed inputs that can feed into these functions.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Remote Code Execution possible via eval()-type functions - ghg-cprg #241

Scope

TLDR

How to fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Remote Code Execution possible via eval()-type functions - ghg-cprg #241

Description

Scope

TLDR

How to fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions