Metacalc · Metacalc · CVE-2022-21122
**Name of the Vulnerable Software and Affected Versions**
metacalc versions prior to 0.0.2
**Description**
The issue allows for Arbitrary Code Execution when the Math class is exposed to the v8 context, enabling access to JavaScript's Function constructor. This exposure to user-land can be exploited.
**Recommendations**
For versions prior to 0.0.2, update to version 0.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Math class to minimize the risk of exploitation.