Vulnerabilities

 1 via 1 paths

Dependencies

 7

Source

 GitHub

Commit

 ac002370

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

high severity

Arbitrary Code Execution

  • Vulnerable module: typed-function
  • Introduced through: typed-function@0.10.5

Detailed paths

  • Introduced through: mathjs@josdejong/mathjs#ac002370bd83be34c9dcdc3806fe286327e50751 typed-function@0.10.5
    Remediation: Upgrade to typed-function@0.10.6.

Overview

typed-function is a library used for type checking of JavaScript functions.

Affected versions of this package are vulnerable to Arbitrary Code Execution due to the creation of a typed function with JavaScript code in the _name variable.

Remediation

Upgrade typed-function to version 0.10.6 or higher.

References

Arbitrary Code Execution vulnerability report