Vulnerability Details CVE-2017-1001003
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170
- https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761
- https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170
- https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761
Products affected by CVE-2017-1001003
-
cpe:2.3:a:mathjs_project:mathjs:*