Filtered by vendor Matthewmueller
Subscriptions
Filtered by product Dom-iterator
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21541 | 2 Dom-iterator, Matthewmueller | 2 Dom-iterator, Dom-iterator | 2025-01-14 | 7.3 High |
| Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval. | ||||
Page 1 of 1.