@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input
Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known affected plugins are: @babel/plugin-transform-modules-systemjs @babel/preset-env when using the modules: "systemjs" option, as it delegates to @babel/plugin-transform-modules-systemjs No other plugins under the @babel namespace are impacted. Users that only compile trusted code are not impacted.