Arbitrary Code Execution Affecting import-in-the-middle package, versions <1.4.2
Threat Intelligence
EPSS
0.22% (61st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-IMPORTINTHEMIDDLE-5826054
- published 8 Aug 2023
- disclosed 7 Aug 2023
- credit Unknown
Introduced: 7 Aug 2023
CVE-2023-38704 Open this link in a new tabHow to fix?
Upgrade import-in-the-middle
to version 1.4.2 or higher.
Overview
import-in-the-middle is an Intercept imports in Node.js
Affected versions of this package are vulnerable to Arbitrary Code Execution via the import-in-the-middle
loader. An attacker can execute remote code if an application passes user-supplied input directly to an import()
function.
References
CVSS Scores
version 3.1