CVE-2024-21541

Name of the Vulnerable Software and Affected Versions dom-iterator versions prior to 1.0.1

Description The issue is related to Arbitrary Code Execution due to the use of the Function constructor without complete input sanitization. This allows an attacker to generate a new function body, posing risks similar to those of allowing attacker-controlled input to reach eval.

Recommendations For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Function constructor to minimize the risk of exploitation.