3 matches found
2d-topopt (=0.1.0), 3net.js (>=0.0.1 <=0.2.4) +2095 more potentially affected by CVE-2017-1001003 via mathjs (>=0.10.0 <=3.16.5)
mathjs NPM version =0.10.0, =0.0.1, =0.0.2, =3.1.3, =2.6.0, =1.0.0, =1.3.0, =2.0.0, =0.1.0, =5.10.2-alpha.1, =5.10.2-alpha.2, =2.0.0, =4.10.2 and more Source cves: CVE-2017-1001003 Source advisory: OSV:GHSA-PV8X-P9HQ-J328...
CVE-2017-1001003
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object...
CVE-2017-1001003
CVE-2017-1001003 affects math.js prior to 3.17.0. The issue allows private properties (e.g., a constructor) to be replaced by using Unicode characters when creating an object, which can alter object behavior. Documents reference upgrades to 3.17.0+ as the advised remediation and indicate the vuln...