CVE-2017-16226

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt