CVE-2024-21537

Summary

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function.

Affected Software

VendorProductVersion RangeStatus
n/alilconfig3.1.0 < 3.1.1affected

Weaknesses

  • CWE-94: Arbitrary Code Execution

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References