Overview
- Description: Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function.
- Source: report@snyk.io
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Weaknesses
- report@snyk.io: CWE-94
Social media
- Hype score: Not currently trending
CVE-2024-21537 Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport functi… https://t.co/bfxndyZoPu
@CVEnew, 31 Oct 2024 (543 impressions, 0 retweets, 0 likes, 1 bookmark, 0 replies, 0 quotes)
[CVE-2024-21537: HIGH] Beware of security vulnerability in lilconfig < 3.1.1! Attackers can execute arbitrary code due to insecure eval usage in dynamicImport function. Update to version 3.1.1 to stay safe. #cybersecurity, #vulnerability https://t.co/I5niImtNUF https://t.co/L1oB
@CveFindCom, 31 Oct 2024 (30 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)