CVE-2017-1001004
N/A
N/A
Summary
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| typed-function | typed-function | 0.10.6 | affected |
Weaknesses
- CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe
- https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106
References
- https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe
- https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.