Описание
Arbitrary Code Execution in mathjs
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.
Recommendation
Upgrade to version 3.17.0 or later.
Ссылки
Пакеты
Наименование
mathjs
npm
Затронутые версииВерсия исправления
< 3.17.0
3.17.0
Связанные уязвимости
CVSS3: 9.8
nvd
около 8 лет назад
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.