gwhitney

2 exploits Active since Nov 2017

CVE-2017-1001002 WRITEUP CRITICAL WRITEUP

math.js < 3.17.0 - Remote Code Execution via Typed Function Name Injection

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

CVSS 9.8

View Code

CVE-2017-1001004 WRITEUP HIGH WRITEUP

typed-function < 0.10.6 - Remote Code Execution via Typed Function Name

typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

CVSS 8.8

View Code