mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff.
Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the expression parser. An attacker can execute arbitrary JavaScript code by sending malicious expressions for evaluation.