CVE-2024-39173 Information

Description

calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field.

Reference

http://kropov.com/calculator-boilerplate-cve.txt