CVE-2017-1001002

CVE-2017-1001002

Vendor Math.js
Product math.js
Weakness CWE-94 · Code injection
Published November 27, 2017
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

Key dates

02Disclosure timeline

November 27, 2017 CVE published
September 16, 2024 Record updated