CVE-2024-21541

Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/matthewmueller/dom-iterator/commit/9e0e0fad5a251de5b42feb326c4204eb04080805
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8383166
https://security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:matthewmueller:dom-iterator:*:*:*:*:*:node.js:*:*

History

14 Jan 2025, 17:15

Type	Values Removed	Values Added
References		() https://github.com/matthewmueller/dom-iterator/commit/9e0e0fad5a251de5b42feb326c4204eb04080805 - () https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8383166 -
Summary	(en) All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.	(en) Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.

Information

Published : 2024-11-13 05:15

Updated : 2025-01-14 17:15

NVD link : CVE-2024-21541

Mitre link : CVE-2024-21541

CVE.ORG link : CVE-2024-21541

JSON object : View

Products Affected

matthewmueller

dom-iterator

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-21541", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "report@snyk.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "report@snyk.io", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 6.9, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-11-13T05:15:14.680", "references": [{"url": "https://github.com/matthewmueller/dom-iterator/commit/9e0e0fad5a251de5b42feb326c4204eb04080805", "source": "report@snyk.io"}, {"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8383166", "source": "report@snyk.io"}, {"url": "https://security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199", "tags": ["Exploit", "Third Party Advisory"], "source": "report@snyk.io"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "report@snyk.io", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval."}, {"lang": "es", "value": "Todas las versiones del paquete dom-iterator son vulnerables a la ejecuci\u00f3n de c\u00f3digo arbitrario debido al uso del constructor Function sin una desinfecci\u00f3n completa de la entrada. Function genera un nuevo cuerpo de funci\u00f3n y, por lo tanto, se debe tener cuidado para garantizar que las entradas a Function no est\u00e9n controladas por un atacante. Los riesgos involucrados son similares a los de permitir que la entrada controlada por un atacante llegue a eval."}], "lastModified": "2025-01-14T17:15:16.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:matthewmueller:dom-iterator:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "23F03C7B-1A8B-4FB7-9A5D-FE3C08D3ED56", "versionEndIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "report@snyk.io"}