foliojs / fontkit

An advanced font engine for Node and the browser
1.46k stars 219 forks

Update brfs to major ^2.0.0 and other minor/patch updates #202

Closed musculman closed 4 years ago

musculman commented 5 years ago

brfs versions lower than 2.0.0 pull in the static-eval version < 2.0.0 that contains a vulnerability.

Other updates are minor and patch updates flagged by npm audit.

More details about the vulnerability: CVE-2017-16226

Vulnerable versions: < 2.0.0
Patched version: 2.0.0

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
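The PR's point is that the vulnerable static-eval arrives transitively through older brfs, so the check a maintainer wants is whether any copy of either package in the dependency tree sits below the 2.0.0 floor, not just the top-level one. The following is an added example written for this page (it is not fontkit code and not part of the PR): it walks a package-lock v1 style `dependencies` tree with a small semver comparison and reports every occurrence below the floor. The lock tree, the `static-module` intermediate and all version numbers in it are constructed for the example.

```javascript
// Added example, not from fontkit or this PR: flag packages in a
// lockfile-style dependency tree whose resolved version is below the
// patched floor named in the PR (static-eval < 2.0.0, CVE-2017-16226;
// brfs < 2.0.0 because older brfs pulls in the vulnerable static-eval).

// Floors taken from the PR text; assumed to apply to every nested copy.
const PATCHED = { 'static-eval': '2.0.0', brfs: '2.0.0' };

// Parse "MAJOR.MINOR.PATCH" (optional leading "v", prerelease suffix
// ignored for this comparison) into three numbers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Recursively walk a package-lock v1 style "dependencies" object and
// collect every watched package whose version is below its floor.
// Each hit records the path of parents so the offending chain is visible.
function findVulnerable(tree, path = []) {
  const hits = [];
  for (const [name, info] of Object.entries(tree.dependencies || {})) {
    const here = [...path, `${name}@${info.version}`];
    if (PATCHED[name] && compareVersions(info.version, PATCHED[name]) < 0) {
      hits.push({
        name,
        version: info.version,
        floor: PATCHED[name],
        path: here.join(' > '),
      });
    }
    hits.push(...findVulnerable(info, here));
  }
  return hits;
}

// Constructed sample lock tree (not fontkit's real lockfile): an old brfs
// carrying a vulnerable nested static-eval, plus a patched brfs elsewhere
// that must not be flagged.
const SAMPLE_LOCK = {
  dependencies: {
    brfs: {
      version: '1.4.3',
      dependencies: {
        'static-module': {
          version: '1.5.0',
          dependencies: { 'static-eval': { version: '0.2.4' } },
        },
      },
    },
    'some-other-tool': {
      version: '3.1.0',
      dependencies: { brfs: { version: '2.0.2' } },
    },
  },
};

// Print one line per finding and return the findings for further use.
function report(lock) {
  const hits = findVulnerable(lock);
  for (const h of hits) {
    console.log(`VULNERABLE ${h.name}@${h.version} (< ${h.floor}) at ${h.path}`);
  }
  return hits;
}

report(SAMPLE_LOCK);
```

Run against a real `package-lock.json` by replacing `SAMPLE_LOCK` with the parsed file; an empty result after merging a PR like this one is the confirmation that no nested copy of the vulnerable range survived.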