This security vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser.
Two security vulnerabilities, the first of which was introduced in version 13.1.0, were detected that allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser.
This security vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser.
The mathjs package is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
mathjs has an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.
math.js has an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.