CVE-2020-7743
HIGHmathjs < 7.5.1 - Prototype Pollution via deepExtend Function
Title source: llmDescription
The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
References (6)
Core 6
Core References
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-MATHJS-1016401
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1017111
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1017112
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1017113
Broken Link, Third Party Advisory x_refsource_misc
https://github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82
Patch, Third Party Advisory x_refsource_misc
https://github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57e
Scores
CVSS v3
7.3
EPSS
0.0388
EPSS Percentile
88.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-1321
Status
published
Products (2)
mathjs/mathjs
< 7.5.1
npm/mathjs
0 - 7.5.1npm
Published
Oct 13, 2020
Tracked Since
Feb 18, 2026