Security Advisory

CVE-2025-55346

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-14 09:49:52

Last updated 2025-08-14 15:44:20

Assigner JFROG

State PUBLISHED

Description

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request.

← Browse all CVEs View on cve.org ↗