CVE-2020-7743

High

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

snyk·CWE-1321·Published 2020-10-13

CVSS

7.3

EPSS

0.04

KEV

Exploits

cve.orgen

135 chars

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

NVDen

135 chars

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

OSV.deven

135 chars

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

GHSAen

135 chars

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

NVDes

192 chars

Las versiones anteriores a 7.5.1 del paquete mathjs, son vulnerables a una Contaminación de Prototipo por medio de la función deepExtend que se ejecuta con las actualizaciones de configuración

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	cve.org	7.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L