Description
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.
Remediation
References
https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170
https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761
Related Vulnerabilities
CVE-2020-2109 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-cps
CVE-2016-10540 Vulnerability in maven package org.webjars.bower:minimatch
CVE-2023-22465 Vulnerability in maven package org.http4s:http4s-core_3
CVE-2020-16040 Vulnerability in npm package electron
CVE-2020-8124 Vulnerability in maven package org.webjars.npm:url-parse