scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data.
{ "nvd_published_at": "2021-01-27T20:15:00Z", "severity": "MODERATE", "github_reviewed_at": "2021-04-05T22:44:52Z", "github_reviewed": true, "cwe_ids": [ "CWE-913" ] }