← Back

Dom Iterator

dom-iterator

Vendor: Matthewmueller • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-21541
1Matthewmueller
1Dom Iterator
Jun 17, 2026
Nov 13, 2024
5.5 MEDIUM· v4
9.8 CRITICAL· v3
N/A· v2
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus car...Show more
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.Show less