Severity: critical

Arbitrary Code Execution



math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.


Update to version 3.17.0 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Dec 6th, 2017
  2. reported

    Dec 6th, 2017