Lucene search
K

29 matches found

OSV
OSV
added 2017/11/27 2:29 p.m.10 views

CVE-2017-1001003

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object...

9.8CVSS6.8AI score
Exploits0References2
NVD
NVD
added 2017/11/27 2:29 p.m.27 views

CVE-2017-1001003

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object...

9.8CVSS9.4AI score0.01689EPSS
Exploits0References2
NVD
NVD
added 2017/11/27 2:29 p.m.18 views

CVE-2017-1001002

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution...

9.8CVSS9.6AI score0.02357EPSS
Exploits0References2
OSV
OSV
added 2017/11/27 2:29 p.m.15 views

CVE-2017-1001002

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution...

9.8CVSS7.5AI score
Exploits0References2
Cvelist
Cvelist
added 2017/11/27 2:0 p.m.27 views

CVE-2017-1001003

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object...

9.5AI score0.01689EPSS
Exploits0References2
CVE
CVE
added 2017/11/27 2:0 p.m.56 views

CVE-2017-1001002

math.js before 3.17.0 allows arbitrary code execution in the JavaScript engine by creating a typed function with JavaScript code in the name. The vulnerability affects math.js (and has been referenced in OpenVAS/OSV/NVD entries) and can lead to code execution on affected systems. Affected compone...

9.8CVSS9.6AI score0.02357EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/11/27 2:0 p.m.25 views

CVE-2017-1001002

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution...

9.7AI score0.02357EPSS
Exploits0References2
CVE
CVE
added 2017/11/27 2:0 p.m.59 views

CVE-2017-1001003

CVE-2017-1001003 affects math.js prior to 3.17.0. The issue allows private properties (e.g., a constructor) to be replaced by using Unicode characters when creating an object, which can alter object behavior. Documents reference upgrades to 3.17.0+ as the advised remediation and indicate the vuln...

9.8CVSS9.3AI score0.01689EPSS
Exploits0References2Affected Software1
seebug.org
seebug.org
added 2017/04/02 12:0 a.m.55 views

math.js remote code execution vulnerability

This article explains in short how we found, exploited and reported a remote code execution RCE vulnerability. It is meant to be a guide to finding vulnerabilities, as well as reporting them in a responsible manner. Step one: discovery While playing around with a wrapper of the math.js API...

8AI score
Exploits0
Rows per page
Query Builder