Description

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

Remediation

References

CVE-2020-7743

Related Vulnerabilities

Internet Information Services Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-1999-0007)

RubyGems Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-8323)

WordPress Plugin HUSKY-Products Filter Professional for WooCommerce Unspecified Vulnerability (1.2.6.2)

WordPress Plugin Taxonomy Converter Unspecified Vulnerability (1.1)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2019-3894)

Severity

High

Classification

CVE-2020-7743 CWE-915 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities