mathjs Allows Improperly Controlled Modification of Dynamically-Determined Object Attributes
Impact: This security vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. Patches: The issue was introduced in mathjs v13.1.0, an...
EUVD-2021-1224
Malware in sbrugna...
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages
Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...
Prototype Pollution
Overview: mathjs before version 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. Recommendation: Upgrade to version 7.5.1 or later. References: CVE, GitHub Advisory...
2d-topopt (=0.1.0), 2d-transformation-solver (>=0.1.1 <=0.2.0) +2970 more potentially affected by CVE-2020-7743 via mathjs (>=0.10.0 <=7.5.0)
mathjs NPM version =0.10.0, =0.1.1, =1.0.0, =0.0.1, =0.0.2, =3.1.3, =2.6.0, =0.9.0, =1.0.0, =1.0.0, =1.0.1 - @abcaustralia/campaign-health-quiz =1.1.1 - @abear/hnode-tools =0.0.1 and more Source cves: CVE-2020-7743 Source advisory: OSV:GHSA-X2FC-MXCX-W4MF...
Prototype Pollution in mathjs
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...
GHSA-X2FC-MXCX-W4MF Prototype Pollution in mathjs
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...
Prototype Pollution
mathjs is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as `__proto__`, `constructor` and `prototype`...
CVE-2020-7743
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...
Default configuration
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...
CVE-2020-7743 Prototype Pollution
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates...
CVE-2020-7743
The vulnerability described in CVE-2020-7743 affects the mathjs package prior to version 7.5.1, enabling Prototype Pollution via the deepExtend function during configuration updates. This is a general software vulnerability in mathjs, with no explicit exploit details provided in the connected doc...
@baic/yolk (>=1.0.0-alpha.2 <=1.0.0-alpha.43), @baic/yolk-miniapp (>=1.0.0-alpha.1 <=1.0.0-alpha.43) +4 more potentially affected by CVE-2020-7743 via mathjs (>=7.1.0 <=7.5.0)
mathjs NPM version =7.1.0, =1.0.0-alpha.2, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0-alpha.3, =2.0.12, =2.2.25 Source cves: CVE-2020-7743 Source advisory: SNYK:JS-MATHJS-1016401...
Prototype Pollution
Overview: mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff. Affected versions of this package are...
Arbitrary Code Execution
mathjs is vulnerable to arbitrary code execution through JavaScript injection. The vulnerability exists because an arbitrary method in Object.prototype can be called through validateSafeMethod...
2d-topopt (=0.1.0), 3net.js (>=0.0.1 <=0.2.4) +2094 more potentially affected by CVE-2017-1001003 via mathjs (>=0.10.0 <=3.16.5)
mathjs NPM version =0.10.0, =0.0.1, =0.0.2, =3.1.3, =2.6.0, =1.0.0, =1.3.0, =2.0.0, =0.1.0, =5.10.2-alpha.1, =5.10.2-alpha.2, =2.0.0, =4.10.2 and more Source cves: CVE-2017-1001003 Source advisory: OSV:GHSA-PV8X-P9HQ-J328...
2d-topopt (=0.1.0), 3net.js (>=0.0.1 <=0.2.4) +2094 more potentially affected by CVE-2017-1001002 via mathjs (>=0.10.0 <=3.16.5)
mathjs NPM version =0.10.0, =0.0.1, =0.0.2, =3.1.3, =2.6.0, =1.0.0, =1.3.0, =2.0.0, =0.1.0, =5.10.2-alpha.1, =5.10.2-alpha.2, =2.0.0, =4.10.2 and more Source cves: CVE-2017-1001002 Source advisory: OSV:GHSA-VX5C-87QX-CV6C...
Math.js JavaScript Engine Arbitrary Code Execution Vulnerability
Math.js is a math library for JavaScript and Node.js, it supports symbolic computation, a large number of built-in functions and constants. JavaScript engine is one of the JavaScript engine. An arbitrary code execution vulnerability exists in the JavaScript engine in versions of Math.js prior...