Intel

AIKIDO-2024-10001

lilconfig is vulnerable to Code Injection

Code InjectionCVE-2024-21537 Published Feb 23, 2024

50

Medium Risk

This Affects:

JSlilconfig
3.1.0 - 3.1.0
Fixed in 3.1.1
Are you affected? Scan for Free

TL;DR

A code injection vulnerability was silently addressed in version 3.1.1 of lilconfig, impacting all uses of the package in earlier versions.

Who does this affect?

You are affected by this flaw if you use the 3.1.0 version of this package.

Background info

lilconfig is vulnerable to Code Injection in versions 3.1.0 - 3.1.0.

How to fix this

To fix, upgrade to lilconfig 3.1.1 or above.