GHSA-cq96-9974-v8hm: Dynamic Variable Evaluation in qiskit-ibm-runtime
An eval() method exists Options._get_program_inputs. This is bad in any case, but especially bad because Options are also used server side, so this has the potential to expose arbitrary code injection in runtime containers, now or at a later time.
References
Code Behaviors & Features
Detect and mitigate GHSA-cq96-9974-v8hm with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →