Unicode Character Vulnerability in math.js (before 3.17.0) Allows Replacement of Private Properties

Unicode Character Vulnerability in math.js (before 3.17.0) Allows Replacement of Private Properties

CVE-2017-1001003 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.

Learn more about our Web Application Penetration Testing UK.