CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-21541

Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.3%

CVSS Severity

CVSS v3 Score 7.3

References

Products affected by CVE-2024-21541

Matthewmueller » Dom-Iterator » Version: N/A

cpe:2.3:a:matthewmueller:dom-iterator:-
Matthewmueller » Dom-Iterator » Version: 0.0.2

cpe:2.3:a:matthewmueller:dom-iterator:0.0.2
Matthewmueller » Dom-Iterator » Version: 0.0.3

cpe:2.3:a:matthewmueller:dom-iterator:0.0.3
Matthewmueller » Dom-Iterator » Version: 0.0.4

cpe:2.3:a:matthewmueller:dom-iterator:0.0.4
Matthewmueller » Dom-Iterator » Version: 0.0.5

cpe:2.3:a:matthewmueller:dom-iterator:0.0.5
Matthewmueller » Dom-Iterator » Version: 0.1.0

cpe:2.3:a:matthewmueller:dom-iterator:0.1.0
Matthewmueller » Dom-Iterator » Version: 0.1.1

cpe:2.3:a:matthewmueller:dom-iterator:0.1.1
Matthewmueller » Dom-Iterator » Version: 0.2.0

cpe:2.3:a:matthewmueller:dom-iterator:0.2.0
Matthewmueller » Dom-Iterator » Version: 0.2.1

cpe:2.3:a:matthewmueller:dom-iterator:0.2.1
Matthewmueller » Dom-Iterator » Version: 0.3.0

cpe:2.3:a:matthewmueller:dom-iterator:0.3.0
Matthewmueller » Dom-Iterator » Version: 1.0.0

cpe:2.3:a:matthewmueller:dom-iterator:1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-21541

Products

Pricing

Contact Us