QwikDev/partytown

[๐Ÿž] SAST scanner triggers CWE-95 vuln finding in partytown-ww-atomics.js

Closed this issue · 1 comment

Describe the bug

Some of our teams are using Partytown, and they are getting CWE-95 vulns triggered from SAST/DAST scans with a "Very High" severity rating on this call:

new Function(scriptContent).call(env.$window$);

in partytown-ww-atomics.js

I am unable to provide further details such as the vendor names of the security tools we use, but multiple scanners over several vendors are reporting this.

Reproduction

n/a

Steps to reproduce

Would require a SAST scan of code using the .js

Browser Info

n/a

Additional Information

CWE-95
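Why a static scanner attaches CWE-95 to the call quoted above, as an added example that is not Partytown's code or any vendor's scanner: it assumes the common rule "dynamic code evaluation whose argument is not a string literal", and `scriptContent` is a variable. The function names and sample lines are constructed for illustration; only line 2 of the sample is the call from the issue.

```javascript
// Added example: toy finder for dynamic-evaluation sinks (CWE-95). Hypothetical names.
const SINKS = [['new Function', /\bnew\s+Function\s*\(/g], ['eval', /\beval\s*\(/g]];

// Text between the "(" at openIdx and its matching ")"; parentheses inside
// string literals are ignored. Returns null if the call is unbalanced.
function argsAt(src, openIdx) {
  let depth = 0, quote = null;
  for (let i = openIdx; i < src.length; i++) {
    const c = src[i];
    if (quote) {
      if (c === '\\') i++;               // skip the escaped character
      else if (c === quote) quote = null;
    } else if (c === '"' || c === "'" || c === '`') quote = c;
    else if (c === '(') depth++;
    else if (c === ')' && --depth === 0) return src.slice(openIdx + 1, i);
  }
  return null;
}

// True when every argument is a plain string literal, i.e. the evaluated code
// is fixed at build time. Template literals count as dynamic (conservative).
function isConstant(args) {
  return /^\s*(?:(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')\s*,?\s*)*$/.test(args);
}

function findEvalSinks(src) {
  const findings = [];
  for (const [sink, re] of SINKS) {
    for (const m of src.matchAll(re)) {
      const args = argsAt(src, m.index + m[0].length - 1);
      if (args === null) continue;
      const line = src.slice(0, m.index).split('\n').length;
      findings.push({ line, sink, args, dynamic: !isConstant(args) });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample; line 2 is the call quoted in the issue.
const SAMPLE = [
  'const add = new Function("a", "b", "return a + b");',
  'new Function(scriptContent).call(env.$window$);',
  'const n = eval("1 + 1");',
  'eval(userInput + ")");',
].join('\n');

for (const f of findEvalSinks(SAMPLE)) {
  console.log(`line ${f.line}: ${f.sink}(${f.args}) -> ${f.dynamic ? 'FLAG' : 'constant'}`);
}
```

A pattern match like this cannot tell where `scriptContent` comes from, so a flagged line is a prompt to trace the data flow into the sink, not proof of an injectable path.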

Partytown moves to QwikDev organization, this is a new beginning for the project. So it's time to clarify the status and clean up the current state a bit. This issue was automatically marked as deprecated and closed because no recent activity was detected for 8 months, date of latest version. If this issue is still relevant, feel free to comment below and the maintainers will reopen it. Thank you for your contributions.