GHSA-jvff-x2qm-6286

ADVISORY - github

Summary

Impact

Two security vulnerabilities where detected that allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser.

Patches

The problem is patched in mathjs v15.2.0.

Workarounds

There is no workaround without upgrading.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-915⁠

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.