Description
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2007-5512 Vulnerability (CVE-2007-5512)
WordPress Plugin Awesome Support-WordPress HelpDesk & Support Cross-Site Scripting (6.0.6)
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-7943)
Apache Traffic Server CVE-2023-41752 Vulnerability (CVE-2023-41752)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2642)