All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.

Unsupervised Learning


Unsupervised Learning is a Security, AI, and Meaning-focused company/newsletter/podcast that looks at how best to thrive in a post-AI world. It combines original ideas and analysis to bring not just the news—but why it matters, and how to respond.

Listed: