Description
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
References (2)
Core 2
Core References
Patch x_refsource_confirm
https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe
Various Sources x_refsource_confirm
https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106
Scores
CVSS v3
8.8
EPSS
0.0075
EPSS Percentile
73.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-94
Status
published
Products (3)
npm/typed-function
0 - 0.10.6npm
typed-function/typed-function
0.10.6
typed_function_project/typed_function
< 0.10.6
Published
Nov 27, 2017
Tracked Since
Feb 18, 2026