Math.js CVE-2017-1001002 Arbitrary Code Execution Vulnerability
BID:106491
Info
| Bugtraq ID: | 106491 |
| Class: | Input Validation Error |
| CVE: | CVE-2017-1001002 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 19 2017 12:00AM |
| Updated: | Dec 19 2017 12:00AM |
| Credit: | Masato Kinugawa |
| Vulnerable: | Mathjs Math.js 3.16.5, Mathjs Math.js 3.16, Mathjs Math.js 3.0, Mathjs Math.js 2.0, Mathjs Math.js 1.0, Elasticsearch Kibana 6.1 |
| Not Vulnerable: | Mathjs Math.js 3.17, Elasticsearch Kibana 6.1.1 |
Discussion
Math.js is prone to an arbitrary code-execution vulnerability.
A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition.
Versions prior to Math.js 3.17.0 are vulnerable.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
- 2017-11-18, version 3.17.0 (Mathjs)
- Fixed a security issue in `typed-function` allowing arbitrary code execution (Github)
- Mathjs Homepage (Mathjs)
- Elasticsearch Security Issues (Elasticsearch)