3 matches found
CVE-2023-38704
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...
CVE-2023-38704
CVE-2023-38704 affects import-in-the-middle (ESM loader). Prior to version 1.4.2 it allows remote code execution when user-supplied input is passed to import(). This vulnerability has been patched in 1.4.2. Affected guidance includes not passing user input to import(), and, if EcmaScript Modules ...
CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...