6 matches found
CVE-2023-38704
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...
Arbitrary Code Execution
import-in-the-middle is vulnerable to Arbitrary Code Execution. The vulnerability exists due to the lack of sanitization in the getSource function of hook.js, which allows an attacker to inject and execute malicious code in the import function...
import-in-the-middle has unsanitized user controlled input in module generation
Impact The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. It allows for remote code execution in cases where an application passes user-supplied input directly to an import...
CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...
CVE-2023-38704
CVE-2023-38704 affects import-in-the-middle (ESM loader). Prior to version 1.4.2 it allows remote code execution when user-supplied input is passed to import(). This vulnerability has been patched in 1.4.2. Affected guidance includes not passing user input to import(), and, if EcmaScript Modules ...
CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...