PT-2024-40423 · Library · Library
Published
2024-12-02
·
Updated
2024-12-02
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Library versions 0.2.2 through 1.0.9
Description
The issue is related to arbitrary code execution due to the unsafe usage of
new Function(...) in the module handling points format. Applications that pass the 3rd parameter to the hull function without sanitizing may be impacted.Recommendations
For versions 0.2.2 through 1.0.9, update the library to version 1.0.10 to resolve the issue. As a temporary workaround, consider sanitizing the 3rd parameter passed to the
hull function to minimize the risk of exploitation.Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Library