Affected versions of the package are vulnerable to Arbitrary Code Execution. The
isSafeMethod was able to call other methods (like bind) which is not allowed and could cause code execution on the remote server.
mathjs to version 3.13.3 or higher.
- Jos De Jong
- Snyk ID
- 27 May, 2017
- 28 Jan, 2018