Description
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
Remediation
References
Related Vulnerabilities
PrestaShop Incorrect Authorization Vulnerability (CVE-2020-5287)
Liferay DXP Other Vulnerability (CVE-2023-33947)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4588)
WordPress Plugin XO Security Cross-Site Scripting (1.5.2)
WordPress 2.0.6 'Zend_Hash_Del_Key_Or_Index' SQL Injection Vulnerability (0.6.2 - 2.0.6)