VDB
CVE-2020-7743
CVE-2020-7743
PUBLISHED
CVSS 7.300000190734863 HIGH
The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
EPSS 1.68% · 82.6th percentile
Risk Scores
CVSS 3.1
7.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
1.68%
82.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mathjs | mathjs | 0 |
| npm | mathjs | 0 |
| n/a | mathjs | unspecified |
Exploit Intelligence
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1017113 (nist-nvd)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1017112 (nist-nvd)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1017111 (nist-nvd)
- https://snyk.io/vuln/SNYK-JS-MATHJS-1016401 (nist-nvd)
- https://github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82 (circl)
- https://github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57e (circl)
Timeline
- Oct 13, 2020 CVE Published
- Oct 29, 2020 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://snyk.io/vuln/SNYK-JS-MATHJS-1016401 url
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1017111 url
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1017112 url
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1017113 url
- https://github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82 url
- https://github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57e url
- https://nvd.nist.gov/vuln/detail/CVE-2020-7743 advisory
- https://github.com/josdejong/mathjs/blob/develop/HISTORY.md#2020-10-10-version-751 url
- https://www.npmjs.com/package/mathjs url