Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:17 a.m.6 views

CVE-2023-38704

import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...

9.8CVSS8.1AI score0.00846EPSS
Exploits0References1
Veracode
Veracode
added 2023/08/09 2:33 a.m.21 views

Arbitrary Code Execution

import-in-the-middle is vulnerable to Arbitrary Code Execution. The vulnerability exists due to the lack of sanitization in the getSource function of hook.js, which allows an attacker to inject and execute malicious code in the import function...

9.8CVSS7.3AI score0.00846EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/08 7:26 p.m.25 views

import-in-the-middle has unsanitized user controlled input in module generation

Impact The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. It allows for remote code execution in cases where an application passes user-supplied input directly to an import...

9.8CVSS9.5AI score0.00846EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/07 7:24 p.m.12 views

CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation

import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...

8.1CVSS7.6AI score0.00846EPSS
Exploits0References2
CVE
CVE
added 2023/08/07 7:24 p.m.135 views

CVE-2023-38704

CVE-2023-38704 affects import-in-the-middle (ESM loader). Prior to version 1.4.2 it allows remote code execution when user-supplied input is passed to import(). This vulnerability has been patched in 1.4.2. Affected guidance includes not passing user input to import(), and, if EcmaScript Modules ...

9.8CVSS9.2AI score0.00846EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/07 7:24 p.m.35 views

CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation

import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...

8.1CVSS10AI score0.00846EPSS
Exploits0References2
Rows per page
Query Builder