The use of eval in receiver.js is very dangerous:
var body = eval(req.body);
An attacker may easily pass a malformed request body that would result in command execution. Consider using JSON.parse, ad-hoc validation using regular expressions or a more heavyweight sanitization package like:
https://www.npmjs.com/package/eval-sanitizer
The use of eval in receiver.js is very dangerous:
An attacker may easily pass a malformed request body that would result in command execution. Consider using JSON.parse, ad-hoc validation using regular expressions or a more heavyweight sanitization package like:
https://www.npmjs.com/package/eval-sanitizer