The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
References
Link | Resource |
---|---|
https://github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82 | Broken Link Third Party Advisory |
https://github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57e | Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1017113 | Exploit Mitigation Third Party Advisory |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1017112 | Exploit Mitigation Third Party Advisory |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1017111 | Exploit Mitigation Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-MATHJS-1016401 | Exploit Mitigation Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-10-13 10:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-7743
Mitre link : CVE-2020-7743
CVE.ORG link : CVE-2020-7743
JSON object : View
Products Affected
mathjs
- mathjs
CWE
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')