Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function.
Metrics
Affected Vendors & Products
References
History
Thu, 31 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Antonk52
Antonk52 lilconfig |
|
CPEs | cpe:2.3:a:antonk52:lilconfig:*:*:*:*:*:*:*:* | |
Vendors & Products |
Antonk52
Antonk52 lilconfig |
|
Metrics |
ssvc
|
Thu, 31 Oct 2024 05:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function. | |
Weaknesses | CWE-94 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2024-10-31T05:00:03.948Z
Updated: 2024-10-31T13:39:14.418Z
Reserved: 2023-12-22T12:33:20.123Z
Link: CVE-2024-21537
Vulnrichment
Updated: 2024-10-31T13:39:09.242Z
NVD
Status : Awaiting Analysis
Published: 2024-10-31T05:15:04.733
Modified: 2024-11-01T12:57:03.417
Link: CVE-2024-21537
Redhat
No data.