Details
Alert ID: 210001-2
Alert Type: Tool
Status: alpha
Risk: High
CWE: 95
WASC:
Technologies Targeted: All
Tags: CWE-95, OWASP_2021_A03, OWASP_2025_A05, TOOL_PTK

Summary

Tainted string executed via the Function constructor. Generated by the OWASP PTK IAST module.

Solution

• Never pass untrusted strings to eval or Function.
• Use safe parsers and strict allow-lists.
• Disable unsafe-eval in CSP.
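
An added example, not taken from the alert page or from PTK's code: the flagged pattern beside a hardened form that allow-lists the input and parses it as data. The function names unsafeCalc and safeCalc and the arithmetic-expression scenario are assumptions made for illustration.

```javascript
// Constructed example: unsafeCalc/safeCalc and the inputs are hypothetical.
// Flagged pattern: a tainted string becomes the body of a new function.
function unsafeCalc(expr) {
  return new Function('return (' + expr + ');')();
}

// Hardened pattern: allow-list the characters, then parse the input as data
// with a small recursive-descent parser (numbers, + - * /, parentheses).
function safeCalc(expr) {
  if (typeof expr !== 'string' || expr.length > 200 ||
      !/^[0-9+\-*/().\s]+$/.test(expr)) {
    throw new Error('rejected: input outside allow-list');
  }
  const tokens = expr.match(/\d+(?:\.\d+)?|[+\-*/()]/g) || [];
  if (tokens.join('') !== expr.replace(/\s+/g, '')) {
    throw new Error('rejected: malformed number');
  }
  let pos = 0;
  const peek = () => tokens[pos];
  const next = () => tokens[pos++];
  function primary() {
    const t = next();
    if (t === '-') return -primary();
    if (t === '(') {
      const v = sum();
      if (next() !== ')') throw new Error('rejected: expected )');
      return v;
    }
    if (t === undefined || !/^\d/.test(t)) throw new Error('rejected: unexpected token');
    return Number(t);
  }
  function product() {
    let v = primary();
    while (peek() === '*' || peek() === '/') {
      v = next() === '*' ? v * primary() : v / primary();
    }
    return v;
  }
  function sum() {
    let v = product();
    while (peek() === '+' || peek() === '-') {
      v = next() === '+' ? v + product() : v - product();
    }
    return v;
  }
  const result = sum();
  if (pos !== tokens.length) throw new Error('rejected: trailing input');
  return result;
}
```

Because safeCalc never calls eval or Function, it keeps working under a CSP that omits unsafe-eval.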

Other Info

References

Code

src/ptk/background/iast/modules/modules.json