mathjs 3.1.4
Arbitrary Code Execution in mathjs
critical severity, CVE-2017-1001003, < 3.17.0
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using Unicode characters when creating an object.
Recommendation
Upgrade to version 3.17.0 or later.
Arbitrary Code Execution in mathjs
critical severity, CVE-2017-1001002, < 3.17.0
math.js before 3.17.0 had an arbitrary code execution issue in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution.
Recommendation
Update to version 3.17.0 or later.
Prototype Pollution in mathjs
high severity, CVE-2020-7743, < 7.5.1
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
Author did not declare license for this package in the source code.
This package version has an Apache-2.0 license in the source code; however, it was not declared in the source code.
This package version is available.
This package version has not been yanked and is still available for usage.