29 matches found
CVE-2017-1001003
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object...
CVE-2017-1001003
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object...
CVE-2017-1001002
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution...
CVE-2017-1001002
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution...
CVE-2017-1001003
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object...
CVE-2017-1001002
math.js before 3.17.0 allows arbitrary code execution in the JavaScript engine by creating a typed function with JavaScript code in the name. The vulnerability affects math.js (and has been referenced in OpenVAS/OSV/NVD entries) and can lead to code execution on affected systems. Affected compone...
CVE-2017-1001002
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution...
CVE-2017-1001003
CVE-2017-1001003 affects math.js prior to 3.17.0. The issue allows private properties (e.g., a constructor) to be replaced by using Unicode characters when creating an object, which can alter object behavior. Documents reference upgrades to 3.17.0+ as the advised remediation and indicate the vuln...
math.js remote code execution vulnerability
This article explains in short how we found, exploited and reported a remote code execution RCE vulnerability. It is meant to be a guide to finding vulnerabilities, as well as reporting them in a responsible manner. Step one: discovery While playing around with a wrapper of the math.js API...