...In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate() or path.evaluateTruthy() internal Babel methods.
Babel: arbitrary code execution
https://avd.aquasec.com/nvd/2023/cve-2023-45133
Locations:
@babel/traverse@7.21.4 in package-lock.json