Direct usage of `eval` on end user input to perform basic math, from within nodejs.
Not only did this mean allowing users to perform "remote code execution", but to even get `eval` required bypassing codebase checks.
The worst part was this was being performed by a "senior" developer and part of an app that would rely heavily on end user input. They got demoted from the project soon after and we removed the offending code.
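As an added example (not the commenter's code, and not from the app described): the pattern above, an `eval` call on user-supplied arithmetic, next to the usual replacement, a small recursive-descent parser that understands only numbers, the four operators, parentheses and unary minus. The function names `unsafeCalc`, `safeCalc`, `tokenize` and `calcForUser` are hypothetical; the grammar is the standard precedence grammar and the sample inputs are constructed.

```javascript
// Added example, not from the original comment: replacing eval() for
// user-supplied arithmetic with a parser that accepts nothing but arithmetic.

// The pattern the comment describes, kept only to show what the safe version replaces.
// eval() runs arbitrary JavaScript, so any string from a request reaches the runtime.
function unsafeCalc(expr) {
  return eval(expr); // eslint-disable-line no-eval
}

// Tokenizer: numbers (integer or decimal), the four operators and parentheses.
// Whitespace is skipped; any other character is a hard error, so identifiers,
// dots that are not part of a number, semicolons etc. never reach the evaluator.
function tokenize(src) {
  const tokens = [];
  let i = 0;
  while (i < src.length) {
    const ch = src[i];
    if (ch === ' ' || ch === '\t') { i++; continue; }
    if ((ch >= '0' && ch <= '9') || ch === '.') {
      let j = i;
      while (j < src.length && ((src[j] >= '0' && src[j] <= '9') || src[j] === '.')) j++;
      const text = src.slice(i, j);
      const value = Number(text);
      if (!Number.isFinite(value)) throw new SyntaxError(`bad number: ${text}`);
      tokens.push({ type: 'num', value });
      i = j;
      continue;
    }
    if ('+-*/()'.includes(ch)) { tokens.push({ type: ch }); i++; continue; }
    throw new SyntaxError(`unexpected character: ${JSON.stringify(ch)}`);
  }
  return tokens;
}

// Grammar (usual precedence, left-associative):
//   expr   := term (('+' | '-') term)*
//   term   := factor (('*' | '/') factor)*
//   factor := '-' factor | num | '(' expr ')'
function safeCalc(src) {
  const tokens = tokenize(src);
  let pos = 0;
  const peek = () => tokens[pos];
  const next = () => tokens[pos++];

  function expr() {
    let value = term();
    while (peek() && (peek().type === '+' || peek().type === '-')) {
      const op = next().type;
      const rhs = term();
      value = op === '+' ? value + rhs : value - rhs;
    }
    return value;
  }
  function term() {
    let value = factor();
    while (peek() && (peek().type === '*' || peek().type === '/')) {
      const op = next().type;
      const rhs = factor();
      if (op === '/' && rhs === 0) throw new RangeError('division by zero');
      value = op === '*' ? value * rhs : value / rhs;
    }
    return value;
  }
  function factor() {
    const tok = next();
    if (!tok) throw new SyntaxError('unexpected end of input');
    if (tok.type === '-') return -factor();
    if (tok.type === 'num') return tok.value;
    if (tok.type === '(') {
      const value = expr();
      const close = next();
      if (!close || close.type !== ')') throw new SyntaxError('expected )');
      return value;
    }
    throw new SyntaxError(`unexpected token: ${tok.type}`);
  }

  const result = expr();
  if (pos !== tokens.length) throw new SyntaxError('trailing input');
  return result;
}

// Wrapper for a request handler: bounds the input size and turns parse errors
// into a result object instead of an exception, so the caller can return HTTP 400.
function calcForUser(input) {
  if (typeof input !== 'string' || input.length > 200) {
    return { ok: false, error: 'invalid input' };
  }
  try {
    return { ok: true, value: safeCalc(input) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}
```

The important property is that rejection happens in the tokenizer: the evaluator only ever sees number and operator tokens, so there is no code path from request body to the JavaScript runtime. A length cap and a single error shape keep the handler predictable under fuzzed input.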