CVE-2020-7743
Summary
| CVE | CVE-2020-7743 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-13 10:15:00 UTC |
| Updated | 2022-06-28 14:11:00 UTC |
| Description | The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. |
Risk And Classification
Problem Types: CWE-1321
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Prototype Pollution in org.webjars.bower:mathjs | Snyk | MISC | snyk.io | Exploit, Mitigation, Third Party Advisory |
| Prototype Pollution in org.webjars:mathjs | Snyk | MISC | snyk.io | Exploit, Mitigation, Third Party Advisory |
| Fix object pollution vulnerability in `math.config` · josdejong/mathjs@ecb8051 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Prototype Pollution in mathjs | Snyk | MISC | snyk.io | Exploit, Mitigation, Third Party Advisory |
| Prototype Pollution in org.webjars.npm:mathjs | Snyk | MISC | snyk.io | Exploit, Mitigation, Third Party Advisory |
| github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82 | MISC | github.com | Broken Link, Third Party Advisory |
| mathjs/object.js at develop · josdejong/mathjs · GitHub | MITRE | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Alessio Della Libera (d3lla)
Legacy QID Mappings
- 982619 Nodejs (npm) Security Update for mathjs (GHSA-x2fc-mxcx-w4mf)