Description
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2017-0366 | math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. |
Github GHSA |
GHSA-vx5c-87qx-cv6c | Arbitrary Code Execution in mathjs |
References
History
No history.
Status: PUBLISHED
Assigner: joshbressers
Published:
Updated: 2024-09-16T16:59:06.220Z
Reserved: 2017-11-27T00:00:00.000Z
Link: CVE-2017-1001002
No data.
Status : Modified
Published: 2017-11-27T14:29:00.240
Modified: 2026-06-17T00:59:18.840
Link: CVE-2017-1001002
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-94
Improper Control of Generation of Code ('Code Injection')
EUVD
Github GHSA