Vulnerabilities

 1 via 1 paths

Dependencies

 6

Source

 GitHub

Commit

 1dd67cd5

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

high severity

Arbitrary Code Execution

  • Vulnerable module: typed-function
  • Introduced through: typed-function@0.10.5

Detailed paths

  • Introduced through: mathjs@josdejong/mathjs#1dd67cd59110edf5ef0fc20becad7937310ef9e1 typed-function@0.10.5
    Remediation: Upgrade to typed-function@0.10.6.

Overview

typed-function is a library used for type checking of JavaScript functions.

Affected versions of this package are vulnerable to Arbitrary Code Execution due to the creation of a typed function with JavaScript code in the _name variable.

Remediation

Upgrade typed-function to version 0.10.6 or higher.

References

Arbitrary Code Execution vulnerability report