CWE-95 - Eval Injection

Description

The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

Latest vulnerabilities for CWE-95

Multiple vulnerabilities in GeoServer 2025-03-17
Critical Yes Public exploit

Eval injection in geotools 2025-03-17
High Yes

Eval Injection in Hitachi Energy MACH SCM 2024-04-26
Medium Yes

Multiple vulnerabilities in Eaton Intelligent Power Manager 2021-04-21
Medium Yes

References

Description of CWE-95 on Mitre website