PT-2020-19760 · Mathjs · Math.Js

Published

2020-10-13

Updated

2021-05-10

CVE-2020-7743

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions mathjs versions prior to 7.5.1

Description The issue concerns Prototype Pollution via the deepExtend function, which is triggered by configuration updates. This function is part of the mathjs package.

Recommendations For versions prior to 7.5.1, update to version 7.5.1 or later to resolve the issue. As a temporary workaround, consider restricting configuration updates until the update is applied.

Exploit

Fix

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321CWE-915

Related Identifiers

CVE-2020-7743

GHSA-X2FC-MXCX-W4MF

SNYK-JAVA-ORGWEBJARS-1017113

SNYK-JAVA-ORGWEBJARSBOWER-1017112

SNYK-JAVA-ORGWEBJARSNPM-1017111

SNYK-JS-MATHJS-1016401

Affected Products

Math.Js

PT-2020-19760 · Mathjs · Math.Js

CVE-2020-7743

Weakness Enumeration

Related Identifiers

Affected Products

References · 12