CVE-2024-21541 – Apache DOM-iterator Code Injection

CVE ID : CVE-2024-21541

Published : Nov. 13, 2024, 5:15 a.m. | 1 hour, 1 minute ago

Description : All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-21541 – Apache DOM-iterator Code Injection