Description
Versions of typed-function prior to 0.10.6 are vulnerable to Arbitrary JavaScript Execution. Function names are not properly sanitized and may allow an attacker to execute arbitrary code.
Recommendation
Update the typed-function package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.10.6
- Patched version(s): 0.10.6
References
Related Issues
- jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" pr - CVE-2026-25940
- Svelecte item names vulnerable to execution of arbitrary JavaScript - CVE-2023-38687
- React Editable Json Tree vulnerable to arbitrary code execution via function parsing - CVE-2022-36010
- jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution - CVE-2026-24737
- Tags:
- npm
- typed-function
Anything's wrong? Let us know Last updated on January 09, 2023