CVE-2024-40453

CRITICAL

squirrellyjs <9.0.0 - Code Injection

Title source: llm

Description

squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.

Exploits (1)

nomisec WORKING POC
by BwithE · poc
https://github.com/BwithE/CVE-2024-40453

References (3)

Scores

CVSS v3 9.8
EPSS 0.0348
EPSS Percentile 87.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (2)
npm/squirrelly 9.0.0 - 9.1.0npm
squirrelly/squirrelly 9.0.0
Published Aug 21, 2024
Tracked Since Feb 18, 2026