6 matches found
lilconfig Code Injection vulnerability
Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...
GHSA-FQ9M-V26V-2M4F lilconfig Code Injection vulnerability
Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...
CVE-2024-21537
Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...
CVE-2024-21537
Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...
Arbitrary Code Execution
Overview lilconfig is an A zero-dependency alternative to cosmiconfig Affected versions of this package are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the...
PT-2024-7648 · Lilconfig · Lilconfig
Name of the Vulnerable Software and Affected Versions: lilconfig versions 3.1.0 through 3.1.1 Description: The issue is related to the dynamicImport function in the lilconfig configurator, which is associated with incorrect code generation management when handling .d.ts syntax. This can allow a...