GHSA-vx5c-87qx-cv6c

Опубликовано: 18 дек. 2017

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Arbitrary Code Execution in mathjs

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

Recommendation

Update to version 3.17.0 or later.

Ссылки

Пакеты

Наименование

mathjs

npm

Затронутые версииВерсия исправления

< 3.17.0

3.17.0

EPSS

Процентиль: 77%

0.01044

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2017-1001002

Дефекты

CWE-94

Связанные уязвимости

CVE-2017-1001002

CVSS3: 9.8

nvd

около 8 лет назад

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

EPSS

Процентиль: 77%

0.01044

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2017-1001002

Дефекты

CWE-94