{"vulnerability": "CVE-2024-2154", "sightings": [{"uuid": "a2a7a42b-5946-465a-a27e-ce94e6cc9219", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21541", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113473911682411442", "content": "", "creation_timestamp": "2024-11-13T05:08:03.003393Z"}, {"uuid": "bede6d00-9bc4-44fb-aaf2-9df348e2fdc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-21545", "type": "seen", "source": "https://infosec.exchange/users/alexandreborges/statuses/113465261096647417", "content": "", "creation_timestamp": "2024-11-11T16:28:06.081325Z"}, {"uuid": "54089e95-0421-49fb-9bdb-9aa9c92bb5ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-21545", "type": "seen", "source": "https://mastodon.social/users/alexandreborges/statuses/113465260719252279", "content": "", "creation_timestamp": "2024-11-11T16:30:42.112343Z"}, {"uuid": "5ee8e746-24fa-4e9b-a1c1-21c7cee56fa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21540", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113473911667208596", "content": "", "creation_timestamp": "2024-11-13T05:08:02.854450Z"}, {"uuid": "b8e39980-70c2-40c6-9e2b-2d4d781a56a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21542", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113626781732575380", "content": "", "creation_timestamp": "2024-12-10T05:04:55.604024Z"}, {"uuid": "b1d6312c-c18b-4cc4-b48a-604bafbfc5b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21543", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113643759382930445", "content": "", "creation_timestamp": "2024-12-13T05:02:35.376732Z"}, {"uuid": "44504d4a-baa3-41ea-a34d-138f78d9594c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21544", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113643759397049024", "content": "", "creation_timestamp": "2024-12-13T05:02:35.590633Z"}, {"uuid": "40e99726-f81c-4e20-a2c8-188818cb1b65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113683419074715879", "content": "", "creation_timestamp": "2024-12-20T05:08:33.049021Z"}, {"uuid": "47e53103-5ffa-437d-8707-61a8afeeb07c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21544", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113683419074715879", "content": "", "creation_timestamp": "2024-12-20T05:08:33.080829Z"}, {"uuid": "74b2f35a-35fd-4a9f-adfc-d713c779da2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3ldpmy4xntb22", "content": "", "creation_timestamp": "2024-12-20T05:15:29.348753Z"}, {"uuid": "fc27051d-25fc-47bf-8412-2523be1e1405", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21546", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113672352761248225", "content": "", "creation_timestamp": "2024-12-18T06:14:13.540836Z"}, {"uuid": "a2e3e4bf-533d-48fb-9c38-819ef3227258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21547", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113672352775500019", "content": "", "creation_timestamp": "2024-12-18T06:14:13.879239Z"}, {"uuid": "5e2b23a1-5193-465a-9e54-7384e8d15f32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21548", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113672352791809731", "content": "", "creation_timestamp": "2024-12-18T06:14:14.073295Z"}, {"uuid": "338da72a-1f52-44ed-9994-7b420e0375a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113949546327052981", "content": "", "creation_timestamp": "2025-02-05T05:08:11.721492Z"}, {"uuid": "9a9a6af8-bdce-4b46-868b-3a0d45c64c75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21545", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:33.000000Z"}, {"uuid": "888686c9-917a-4e98-9419-3ef1b7200354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21545", "type": "published-proof-of-concept", "source": "Telegram/q7VD5LFLz0DQI0He0CdIi8UKDEAJAk3zBKou56yKpQVq99g", "content": "", "creation_timestamp": "2025-12-01T03:00:07.000000Z"}, {"uuid": "f5c5a4ca-2101-41ec-9349-b307e839e468", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://t.me/cvedetector/17272", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-1026 - Spatie Browsershot URL Validation Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-1026 \nPublished : Feb. 5, 2025, 5:15 a.m. | 23\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files.  \n  \n**Note:**  \n  \nThis is a bypass of the fix for [CVE-2024-21549](). \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-05T07:26:55.000000Z"}, {"uuid": "99ec7338-b0ef-448e-ab8e-9b9b0191d242", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21541", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1528", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21541\n\ud83d\udd39 Description: Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.\n\ud83d\udccf Published: 2024-11-13T05:00:12.270Z\n\ud83d\udccf Modified: 2025-01-14T16:53:39.641Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199\n2. https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8383166\n3. https://github.com/matthewmueller/dom-iterator/commit/9e0e0fad5a251de5b42feb326c4204eb04080805", "creation_timestamp": "2025-01-14T17:21:01.000000Z"}, {"uuid": "c2490a63-27f4-4abd-be39-a0fc087a52e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21543", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4822", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-21543\n\ud83d\udd25 CVSS Score: 5.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS.\n\ud83d\udccf Published: 2024-12-13T05:00:16.747Z\n\ud83d\udccf Modified: 2025-02-20T22:02:38.155Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-PYTHON-DJOSER-8366540\n2. https://github.com/sunscrapers/djoser/releases/tag/2.3.0\n3. https://github.com/sunscrapers/djoser/issues/795\n4. https://github.com/sunscrapers/djoser/pull/819\n5. https://github.com/sunscrapers/djoser/commit/d33c3993c0c735f23cbedc60fa59fce69354f19d", "creation_timestamp": "2025-02-20T22:17:43.000000Z"}, {"uuid": "cf3ee060-bf8a-4add-9f5a-f2de16f3bbff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21544", "type": "seen", "source": "https://t.me/cvedetector/13408", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21549 - Spatie Browsershot Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21549 \nPublished : Dec. 20, 2024, 5:15 a.m. | 22\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file.  \n  \n**Note:**  \n  \nThis is a bypass of the fix for [CVE-2024-21544](). \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T06:42:37.000000Z"}, {"uuid": "3346d93f-7326-45b3-bfe5-6d9f244e1e1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21549", "type": "seen", "source": "https://t.me/cvedetector/13408", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21549 - Spatie Browsershot Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21549 \nPublished : Dec. 20, 2024, 5:15 a.m. | 22\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file.  \n  \n**Note:**  \n  \nThis is a bypass of the fix for [CVE-2024-21544](). \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-20T06:42:37.000000Z"}, {"uuid": "2cb6ce69-f2e0-4c9c-aa80-caf66ece76d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21542", "type": "seen", "source": "https://t.me/cvedetector/12479", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21542 - Luigi Zip Slip File Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21542 \nPublished : Dec. 10, 2024, 5:15 a.m. | 40\u00a0minutes ago \nDescription : Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T07:26:25.000000Z"}, {"uuid": "3a42b570-cf61-4394-b62e-61ac2c1a1a3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21544", "type": "seen", "source": "https://t.me/cvedetector/12826", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21544 - Spatie Browsershot Server-Side Request Forgery\", \n  \"Content\": \"CVE ID : CVE-2024-21544 \nPublished : Dec. 13, 2024, 5:15 a.m. | 41\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method.  \nAn attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-13T07:24:11.000000Z"}, {"uuid": "f174cd40-efe7-4caa-9e50-a30d8cd0bc14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21543", "type": "seen", "source": "https://t.me/cvedetector/12825", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21543 - Djoser Authentication Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21543 \nPublished : Dec. 13, 2024, 5:15 a.m. | 41\u00a0minutes ago \nDescription : Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS. \nSeverity: 7.1 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-13T07:24:11.000000Z"}, {"uuid": "fd02ece8-d4f0-47fb-b053-ac4ac9a39ab3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21546", "type": "seen", "source": "https://t.me/cvedetector/13167", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21546 - Laravel Filemanager PHP File Execution\", \n  \"Content\": \"CVE ID : CVE-2024-21546 \nPublished : Dec. 18, 2024, 6:15 a.m. | 24\u00a0minutes ago \nDescription : Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T07:50:22.000000Z"}, {"uuid": "5062dbce-7916-44f5-bb82-429ffc72f260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21548", "type": "seen", "source": "https://t.me/cvedetector/13163", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21548 - Bun Prototype Pollution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21548 \nPublished : Dec. 18, 2024, 6:15 a.m. | 24\u00a0minutes ago \nDescription : Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T07:50:16.000000Z"}, {"uuid": "ec359880-d7ac-46bc-8075-e798dd4a903b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21547", "type": "seen", "source": "https://t.me/cvedetector/13162", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21547 - Spatie Browsershot Directory Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-21547 \nPublished : Dec. 18, 2024, 6:15 a.m. | 24\u00a0minutes ago \nDescription : Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\\\. An attacker could read any file on the server by exploiting the normalization of \\ into /. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-18T07:50:15.000000Z"}, {"uuid": "48ed531a-0fb4-4ab1-9b3b-ed3433d9bda7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21540", "type": "seen", "source": "https://t.me/cvedetector/10805", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21540 - Node.js Source-map-support Directory Traversal Vulneability\", \n  \"Content\": \"CVE ID : CVE-2024-21540 \nPublished : Nov. 13, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : All versions of the package source-map-support are vulnerable to Directory Traversal in the retrieveSourceMap function. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T07:28:22.000000Z"}, {"uuid": "fe56e071-9dd2-45ad-b23e-fdf267d5605d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21541", "type": "seen", "source": "https://t.me/cvedetector/10803", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-21541 - Apache DOM-iterator Code Injection\", \n  \"Content\": \"CVE ID : CVE-2024-21541 \nPublished : Nov. 13, 2024, 5:15 a.m. | 43\u00a0minutes ago \nDescription : All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-13T07:28:21.000000Z"}, {"uuid": "21199940-c55e-44ac-a7bd-1e7c23896730", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21543", "type": "seen", "source": "Telegram/ynTV8tOGr7piAsl9BTCseHZxVuzmsf9LHsFkrsQztRrZlhcj", "content": "", "creation_timestamp": "2025-02-20T23:38:15.000000Z"}, {"uuid": "256a347e-fc54-408a-b4aa-b8eca4190d1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21546", "type": "published-proof-of-concept", "source": "Telegram/YaDf5xJ3685njZbA_KRVppFbIpFzplLD7yW1OQGHI6Xa2lo", "content": "", "creation_timestamp": "2025-05-05T21:02:56.000000Z"}, {"uuid": "733242a5-3077-48bf-ac5d-99ff269fbc93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2154", "type": "seen", "source": "https://t.me/ctinow/198957", "content": "https://ift.tt/6r2C0Bb\nCVE-2024-2154", "creation_timestamp": "2024-03-04T02:26:53.000000Z"}, {"uuid": "57b24d8d-3539-4136-894c-2e29f3358285", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2154", "type": "seen", "source": "https://t.me/ctinow/198952", "content": "https://ift.tt/6r2C0Bb\nCVE-2024-2154", "creation_timestamp": "2024-03-04T02:21:36.000000Z"}]}