mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1.1 KiB
1.1 KiB
CVE-2024-21541
Description
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.
POC
Reference
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8383166
- https://security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199
Github
No PoCs found on GitHub currently.