
9 matches found

Veracode
added 2024/11/12 10:0 a.m. · 11 views

Arbitrary Code Execution (ACE)

lilconfig is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to the insecure usage of eval in the dynamicImport function, which allows an attacker to inject malicious input through the defaultLoaders function and execute arbitrary code...

8.8 CVSS · 7.5 AI score · 0.00381 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

GitHub Security Blog
added 2024/10/31 6:30 a.m. · 16 views

lilconfig Code Injection vulnerability

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...

8.8 CVSS · 7.1 AI score · 0.00381 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2024/10/31 6:30 a.m. · 6 views

GHSA-FQ9M-V26V-2M4F lilconfig Code Injection vulnerability

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...

8.8 CVSS · 8.8 AI score · 0.00381 EPSS
Exploits: 0 · References: 6

NVD
added 2024/10/31 5:15 a.m. · 12 views

CVE-2024-21537

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...

8.8 CVSS · 0.00381 EPSS
Exploits: 0 · References: 4

CVE
added 2024/10/31 5:0 a.m. · 49 views

CVE-2024-21537

CVE-2024-21537 affects lilconfig from 3.1.0 and before 3.1.1, where the insecure use of eval in dynamicImport enables Arbitrary Code Execution. An attacker can exploit this by supplying a malicious input through defaultLoaders; PoC and public advisories describe code injection in lilconfig. Affect...

8.8 CVSS · 7.5 AI score · 0.00381 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2024/10/31 5:0 a.m. · 5 views

CVE-2024-21537

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...

8.8 CVSS · 7.2 AI score · 0.00381 EPSS
Exploits: 0 · References: 4

Cvelist
added 2024/10/31 5:0 a.m. · 13 views

CVE-2024-21537

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...

8.8 CVSS · 0.00381 EPSS
Exploits: 0 · References: 4

Snyk
added 2024/02/22 7:52 p.m. · 2 views

Arbitrary Code Execution

Overview: lilconfig is a zero-dependency alternative to cosmiconfig. Affected versions of this package are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the...

9.3 CVSS · 7.2 AI score · 0.00381 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/02/18 12:0 a.m. · 2 views

PT-2024-7648 · Lilconfig · Lilconfig

Name of the Vulnerable Software and Affected Versions: lilconfig versions 3.1.0 through 3.1.1. Description: The issue is related to the dynamicImport function in the lilconfig configurator, which is associated with incorrect code generation management when handling .d.ts syntax. This can allow a...

9 CVSS · 8.1 AI score · 0.00381 EPSS
Exploits: 0 · References: 14