EUVD-2022-5939

Malicious code in bioql PyPI...

Arbitrary Code Execution

metacalc is vulnerable to arbitrary code execution. The vulnerability exists in sheet.js due to lack of validation in Math class which allows an attacker to inject and execute arbitrary code...

Code Injection in metacalc

The package metacalc before 0.0.2 is vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...

GHSA-5GC4-CX9X-9C43 Code Injection in metacalc

The package metacalc before 0.0.2 is vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...

Design/Logic Flaw

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...

metacalc 代码注入漏洞

metacalc is a Metarhia spreadsheet calculator for the Metarhia community. A security vulnerability exists in versions of metacalc prior to 0.0.2, which stems from vulnerability to arbitrary code execution attacks. An attacker exploited the vulnerability to access the Function constructor of...

CVE-2022-21122 Arbitrary Code Execution

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...

CVE-2022-21122

CVE-2022-21122 affects metacalc prior to 0.0.2. The root cause is exposure of JavaScript Math to the v8 context, which allows access to Function constructor and arbitrary code execution. Documented in multiple sources (Snyk, GHSA, Veracode, OSV/NVD mirrors). Impact is arbitrary code execution thr...

CVE-2022-21122

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...

PT-2022-14865

Name of the Vulnerable Software and Affected Versions metacalc versions prior to 0.0.2 Description The issue allows for Arbitrary Code Execution when the Math class is exposed to the v8 context, enabling access to JavaScript's Function constructor. This exposure to user-land can be exploited...