From 297916cae99cfebdc3a63e1a183755ad5ea305b3 Mon Sep 17 00:00:00 2001
From: Marcos Marado
Date: Sat, 11 Apr 2026 19:36:04 +0100
Subject: [PATCH] Improve GHSA-jvff-x2qm-6286
---
 .../2026/04/GHSA-jvff-x2qm-6286/GHSA-jvff-x2qm-6286.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/advisories/github-reviewed/2026/04/GHSA-jvff-x2qm-6286/GHSA-jvff-x2qm-6286.json b/advisories/github-reviewed/2026/04/GHSA-jvff-x2qm-6286/GHSA-jvff-x2qm-6286.json
index cd99f8d6ad1cc..25a4b0504d6e6 100644
--- a/advisories/github-reviewed/2026/04/GHSA-jvff-x2qm-6286/GHSA-jvff-x2qm-6286.json
+++ b/advisories/github-reviewed/2026/04/GHSA-jvff-x2qm-6286/GHSA-jvff-x2qm-6286.json
@@ -1,11 +1,11 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-jvff-x2qm-6286",
- "modified": "2026-04-10T22:10:49Z",
+ "modified": "2026-04-10T22:10:51Z",
 "published": "2026-04-10T22:10:49Z",
 "aliases": [],
 "summary": "mathjs Allows Improperly Controlled Modification of Dynamically-Determined Object Attributes",
- "details": "### Impact\nTwo security vulnerabilities where detected that allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser.\n\n### Patches\nThe problem is patched in mathjs v15.2.0.\n\n### Workarounds\nThere is no workaround without upgrading.",
+ "details": "### Impact\nTwo security vulnerabilities, one introduced in mathjs v13.1.0, and another in mathjs v13.1.1, where detected that allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser.\n\n### Patches\nThe problem is patched in mathjs v15.2.0.\n\n### Workarounds\nThere is no workaround without upgrading.",
 "severity": [
 {
 "type": "CVSS_V3",
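Review bot: The rewritten `details` string still carries the typo `where detected`, which should read `were detected`, and the inserted clause makes the sentence harder to parse. A cleaner wording would be `Two security vulnerabilities were detected, one introduced in mathjs v13.1.0 and another in mathjs v13.1.1, that allowed executing arbitrary JavaScript via the expression parser of mathjs.` The text also does not say which of the two issues arrived in which release, so a reader pinned to 13.1.0 cannot tell from the advisory which one applies to them. The hand-edited `modified` value is presumably regenerated when the advisory is republished, so it may not need to be part of the patch.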
@@ -23,7 +23,7 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "0"
+ "introduced": "13.1.0"
 },
 {
 "fixed": "15.2.0"
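Review bot: Raising the lower bound from `"introduced": "0"` to `"introduced": "13.1.0"` means dependency scanners reading this record stop flagging every mathjs release below 13.1.0, yet nothing visible in the patch backs up that version. Before accepting the narrower range, the advisory should link the upstream commit or release note that introduced the vulnerable code, as an entry in the `references` array (outside this hunk). Keeping one range that starts at 13.1.0 is the right conservative choice for the two issues described in `details`, because it covers the one said to start in 13.1.1 as well. The `events` array and its enclosing `ranges` entry start and end outside this hunk.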