"Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0."
Math.js, a comprehensive mathematics library for JavaScript and Node.js, contains a critical security vulnerability in its expression parser affecting versions 13.1.0 through 15.1.9. The vulnerability permits attackers to execute arbitrary JavaScript code by exploiting improperly controlled modification of dynamically-determined object attributes. This flaw stems from insufficient input validation in the parser component. The vulnerability has been addressed and resolved in version 15.2.0, which users should upgrade to immediately to mitigate security risks.
Read at Nist
Unable to calculate read time
Collection
[
|
...
]