CVE-2017-1001003

Summary

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.

Affected Software

VendorProductVersion RangeStatus
math.jsmath.js3.17.0affected

Weaknesses

  • CWE-88: CWE-88: Argument Injection or Modification

ADP Enrichment

CVE Program Container

Additional References

References