Description
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.
Remediation
References
https://github.com/josdejong/mathjs/blob/master/HISTORY.md#2017-11-18-version-3170
https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761
Related Vulnerabilities
CVE-2020-10693 Vulnerability in maven package org.hibernate:hibernate-validator
CVE-2018-20835 Vulnerability in npm package tar-fs
CVE-2020-16015 Vulnerability in npm package electron
CVE-2020-1727 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2013-2186 Vulnerability in maven package commons-fileupload:commons-fileupload