YYsuni / react18-json-view

JSON viewer for react18
https://jv.yysuni.com/
MIT License
236 stars, 15 forks

Dangerous `eval` function #47

Open lidzhigaryaev opened 1 week ago

lidzhigaryaev commented 1 week ago

We're using OWASP ZAP pentests in our project, and it recently gave us an alert saying that we use a dangerous `eval` JS function, pointing to code in our bundle that leads to your library:

Description: A dangerous JS function seems to be in use that would leave the site vulnerable.
URL: https://*projectname*/static/js/main.a2a68484.js
Evidence: eval
Solution: See the references for security advice on the use of these functions.
Tags: WSTG-v42-CLNT-02, OWASP_2021_A04
CWE Id: 749
Plugin Id: 10110


Is there anything we can do about it? Thanks!

YYsuni commented 3 days ago

The `eval` function is the easiest way to implement the edit mode. I might be able to replace it with a more secure SDK.
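For readers following this issue, the shape of the replacement discussed above, as an added example that is not part of this thread or of react18-json-view's code: the edited cell text is handled by `JSON.parse` (a data parser that cannot execute anything) instead of `eval`, with the handful of JavaScript literals JSON cannot express (`undefined`, `NaN`, `Infinity`) mapped explicitly. The function names `evalEdit` and `parseEdit`, the `compare` harness and the `PAYLOAD` string are constructed for illustration; the payload only sets a global so the difference between the two paths is observable. ZAP's plugin 10110 is a passive rule that matches the names of dangerous functions such as `eval` in the delivered script text, so the alert clears only when no `eval` (or `new Function`) remains in the bundle.

```javascript
// Added example, not react18-json-view's code. Names are illustrative.

// The pattern ZAP flags: the edited text is executed as JavaScript, so
// anything typed into the cell (or injected into the JSON being viewed)
// runs with the page's privileges.
function evalEdit(text) {
  // eslint-disable-next-line no-eval
  return eval(`(${text})`);
}

// JavaScript literals an edit box may legitimately produce that JSON has
// no syntax for. Anything else must be valid JSON.
const NON_JSON_LITERALS = new Map([
  ['undefined', undefined],
  ['NaN', NaN],
  ['Infinity', Infinity],
  ['-Infinity', -Infinity],
]);

// Hardened replacement: JSON.parse only builds data, it cannot call
// functions, touch globals or cause side effects. Returns a result object
// rather than throwing so the UI can keep the cell in edit mode and show
// the parse error to the user.
function parseEdit(text) {
  const src = String(text).trim();
  if (NON_JSON_LITERALS.has(src)) {
    return { ok: true, value: NON_JSON_LITERALS.get(src) };
  }
  try {
    return { ok: true, value: JSON.parse(src) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed payload: valid JavaScript, invalid JSON. It sets a global so
// we can observe whether the edit path executed code.
const PAYLOAD = '(() => { globalThis.pwned = true; return 42; })()';

// Runs both paths on the payload and reports what happened.
function compare() {
  delete globalThis.pwned;
  const unsafeResult = evalEdit(PAYLOAD);        // executes the arrow function
  const unsafeRanCode = globalThis.pwned === true;
  delete globalThis.pwned;
  const safe = parseEdit(PAYLOAD);               // rejected as a SyntaxError
  const safeRanCode = globalThis.pwned === true;
  return { unsafeResult, unsafeRanCode, safeOk: safe.ok, safeRanCode };
}

console.log(JSON.stringify(compare()));
```

Two practical checks go with this. A Content-Security-Policy without `'unsafe-eval'` makes the `evalEdit` path throw an `EvalError` in the browser while `parseEdit` keeps working, which is a quick way to confirm nothing else in the bundle still depends on `eval`. And `JSON.parse` will happily produce an own property named `__proto__` from `{"__proto__": {...}}`; that is harmless as a parsed value, but if the edited value is later merged into an existing object, the merge must skip that key.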