Description
Versions of typed-function prior to 0.10.6 are vulnerable to Arbitrary JavaScript Execution. Function names are not properly sanitized and may allow an attacker to execute arbitrary code.
Recommendation
Update the typed-function package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.10.6
- Patched version(s): 0.10.6
References
Related Issues
- Svelecte item names vulnerable to execution of arbitrary JavaScript - CVE-2023-38687
- jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" pr - CVE-2026-25940
- Arbitrary Code Execution in mathjs - mathjs - CVE-2017-1001002
- HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft - CVE-2026-46496
You might also like:
- Tags:
- npm
- typed-function
Anything's wrong? Let us know Last updated on January 09, 2023


