Vulnerabilities: 1 via 2 paths
Dependencies: 25
Source: GitHub

high severity

Improperly Controlled Modification of Dynamically-Determined Object Attributes

  • Vulnerable module: mathjs
  • Introduced through: mathjs@10.6.4 and fitness-models@6.0.0

Detailed paths

  • Introduced through: fitbit-api-handler@fabulator/fitbit-api-handler › mathjs@10.6.4
    Remediation: Upgrade to mathjs@15.2.0.
  • Introduced through: fitbit-api-handler@fabulator/fitbit-api-handler › fitness-models@6.0.0 › mathjs@10.6.4

Overview

mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff.

Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the expression parser. An attacker can execute arbitrary JavaScript code by sending malicious expressions for evaluation.

Remediation

Upgrade mathjs to version 15.2.0 or higher.
