[CVE-2024-21537] CWE-94: Improper Control of Generation of Code ('Code Injection')
Description
Versions of the package lilconfig from 3.1.0 up to, but not including, 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing malicious input through the defaultLoaders function.