Count: 3
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-12735: The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution. | CVSS3: 9.8 | 0% (Low) | 3 months ago |
| GHSA-jc85-fpwf-qm7x: expr-eval does not restrict functions passed to the evaluate function | | 0% (Low) | 3 months ago |
| BDU:2025-14089: Vulnerability in the estimate() function of the expr-eval library that allows an attacker to execute arbitrary code | CVSS3: 9.8 | 0% (Low) | 3 months ago |