Unknown · Dom-Iterator · CVE-2024-21541
**Name of the Vulnerable Software and Affected Versions**
dom-iterator versions prior to 1.0.1
**Description**
The issue is related to Arbitrary Code Execution due to the use of the Function constructor without complete input sanitization. This allows an attacker to generate a new function body, posing risks similar to those of allowing attacker-controlled input to reach eval.
**Recommendations**
For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Function constructor to minimize the risk of exploitation.