CVE-2024-21541
CVSS V2 None
CVSS V3 None
Description
All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.
Overview
- CVE ID
- CVE-2024-21541
- Assigner
- snyk
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-13T05:00:12.270Z
- Last Modified Date
- 2024-11-13T05:00:12.270Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-21541 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21541 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-13 14:03:41 | Added to TrackCVE |