GHSA-jvff-x2qm-6286

ADVISORY - github

Summary

Impact

Two security vulnerabilities where detected that allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser.

Patches

The problem is patched in mathjs v15.2.0.

Workarounds

There is no workaround without upgrading.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-915⁠

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Impacted images

Advisories

GitHub

CREATED

15 hours ago

UPDATED

15 hours ago

ADVISORY IDGHSA-jvff-x2qm-6286⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.8high