High severity7.3NVD Advisory· Published Nov 13, 2024· Updated Jun 17, 2026
CVE-2024-21541
CVE-2024-21541
Description
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dom-iteratornpm | < 1.0.1 | 1.0.1 |
Affected products
2- cpe:2.3:a:matthewmueller:dom-iterator:*:*:*:*:*:node.js:*:*Range: <=1.0.0
Patches
Vulnerability mechanics
References
5- security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-jrvm-mcxc-mf6mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-21541ghsaADVISORY
- github.com/matthewmueller/dom-iterator/commit/9e0e0fad5a251de5b42feb326c4204eb04080805nvdWEB
- security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8383166nvdWEB
News mentions
0No linked articles in our index yet.