Vladimir Janković

1 exploit Active since Nov 2024
CVE-2024-21541 WRITEUP HIGH WRITEUP
dom-iterator < 1.0.1 - Remote Code Execution via Function Constructor
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.
CVSS 7.3