Vulnerabilities > CVE-2020-7743 - Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Mathjs

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mathjs
CWE-915

Summary

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

Vulnerable Configurations

Part Description Count
Application
Mathjs
190