CVE-2017-1001003
N/A
N/A
Summary
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| math.js | math.js | 3.17.0 | affected |
Weaknesses
- CWE-88: CWE-88: Argument Injection or Modification
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170
- https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761
References
- https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170
- https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.