@carnesen/mathjs-app (>=0.0.2 <=0.0.5), @ia-cloud/node-red-contrib-ia-cloud-fds-raspberry-pi (>=0.1.0 <=0.1.1) +37 more potentially affected by CVE-2017-1001004 via typed-function (>=0.10.3 <=0.10.5)
typed-function NPM version =0.10.3, =0.0.2, =0.1.0, =1.0.0, =1.19.0, =1.13.0, =1.1.8, =0.5.1, =0.1.22, =0.5.1, =3.10.0, =0.0.3, =0.1.18 and more
Source cves: CVE-2017-1001004
Source advisory: OSV:GHSA-3QH4-R86R-GRVM...
CVE-2017-1001004
typed-function before 0.10.6 had an arbitrary code execution issue in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution...
CVE-2017-1001004
The CVE-2017-1001004 entry affects the typed-function JavaScript library prior to version 0.10.6. The underlying issue is that function names can contain JavaScript code, enabling arbitrary code execution in the JS engine. It affects typed-function up to 0.10.5; the impact is arbitrary code execution...