GHSA-5mrr-rgp6-x4gr: Command Injection in marsdb

Severity: Critical

CVSS Score: 10

All versions of `marsdb` are vulnerable to Command Injection. In the `DocumentMatcher` class, selectors on `$where` clauses are passed to a `Function` constructor unsanitized. This allows attackers to run arbitrary commands on the system when the function is executed.

## Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.
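Because the vulnerable path is reached through `$where` in a selector, an application that builds selectors from request data can refuse that operator at any nesting depth before the selector reaches the database layer. The guard below is an added example, not code from marsdb or from this advisory; `checkSelector`, `findForbiddenKey` and the sample request bodies are hypothetical names and constructed inputs, and it assumes selectors arrive as parsed JSON.

```javascript
'use strict';

// Operators this guard refuses. Only $where is named by the advisory.
const FORBIDDEN_KEYS = new Set(['$where']);

// Walk objects and arrays; return the path of the first forbidden key, or null.
function findForbiddenKey(value, path = '', seen = new WeakSet()) {
  if (value === null || typeof value !== 'object' || seen.has(value)) return null;
  seen.add(value); // guards against cyclic structures
  if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) {
      const hit = findForbiddenKey(value[i], `${path}[${i}]`, seen);
      if (hit) return hit;
    }
    return null;
  }
  for (const key of Object.keys(value)) {
    const here = path ? `${path}.${key}` : key;
    if (FORBIDDEN_KEYS.has(key)) return here;
    const hit = findForbiddenKey(value[key], here, seen);
    if (hit) return hit;
  }
  return null;
}

// Hypothetical helper: call on any selector built from untrusted input.
function checkSelector(selector) {
  const isObject = selector !== null && typeof selector === 'object' && !Array.isArray(selector);
  if (!isObject) return { ok: false, reason: 'selector must be an object' };
  const hit = findForbiddenKey(selector);
  return hit ? { ok: false, reason: `forbidden operator at ${hit}` } : { ok: true, reason: null };
}

// Constructed sample request bodies, parsed the way an API handler would.
const samples = [
  '{"name":"alice","age":{"$gt":18}}',
  '{"$where":"this.age > 18"}',
  '{"$or":[{"name":"alice"},{"$where":"this.age > 18"}]}',
];
for (const body of samples) {
  console.log(body, '->', JSON.stringify(checkSelector(JSON.parse(body))));
}
```

The guard only covers selectors that originate from untrusted input; the package's handling of `$where` is unchanged.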