CVE-2024-21541
- Reference to the description:
- Description:
- All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.
- Last updated date:
- 11/19/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 11/19/2024
- Reference url to background