CVE-2024-40453

squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.
Configurations

Configuration 1 (hide)

cpe:2.3:a:squirrelly:squirrelly:9.0.0:*:*:*:*:node.js:*:*

History

23 Aug 2024, 16:41

Type Values Removed Values Added
Summary
  • (es) Se descubrió que squirrellyjs squirrelly v9.0.0 y corregido en v.9.0.1 contenía una vulnerabilidad de inyección de código a través del componente options.varName.
CPE cpe:2.3:a:squirrelly:squirrelly:9.0.0:*:*:*:*:node.js:*:*
First Time Squirrelly
Squirrelly squirrelly
CWE CWE-94
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References () https://github.com/squirrellyjs/squirrelly - () https://github.com/squirrellyjs/squirrelly - Product
References () https://github.com/squirrellyjs/squirrelly/pull/262 - () https://github.com/squirrellyjs/squirrelly/pull/262 - Patch
References () https://samuzora.com/posts/cve-2024-40453 - () https://samuzora.com/posts/cve-2024-40453 - Exploit

21 Aug 2024, 17:24

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-21 17:15

Updated : 2024-08-23 17:35


NVD link : CVE-2024-40453

Mitre link : CVE-2024-40453

CVE.ORG link : CVE-2024-40453


JSON object : View

Products Affected

squirrelly

  • squirrelly
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')