Lucene search

GoogleOSV:CVE-2020-7743

HistoryOct 13, 2020 - 10:15 a.m.

CVE-2020-7743

2020-10-1310:15:13

Google

osv.dev

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.7%

JSON

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

CPENameOperatorVersion
mathjseq0.26.0
mathjseq7.1.0
mathjseq0.7.0
mathjseq3.0.0
mathjseq5.4.0
mathjseq1.3.0
mathjseq3.18.0
mathjseq3.5.1
mathjseq3.18.1
mathjseq0.17.1

Name	Operator	Version
mathjs	eq	0.26.0
mathjs	eq	7.1.0
mathjs	eq	0.7.0
mathjs	eq	3.0.0
mathjs	eq	5.4.0
mathjs	eq	1.3.0
mathjs	eq	3.18.0
mathjs	eq	3.5.1
mathjs	eq	3.18.1
mathjs	eq	0.17.1

Rows per page:

1-10 of 1951

References

github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82

github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57e

snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1017113

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1017112

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1017111

snyk.io/vuln/SNYK-JS-MATHJS-1016401