Description
Versions of typed-function prior to 0.10.6 are vulnerable to Arbitrary JavaScript Execution. Function names are not properly sanitized and may allow an attacker to execute arbitrary code.
Recommendation
Update the typed-function package to the latest compatible version. Version details:
- Affected version(s): < 0.10.6
- Patched version(s): 0.10.6
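A lockfile check for the affected range listed above, as an added example that is not part of the original advisory. It assumes a parsed `package-lock.json` object as input; the sample lockfiles and the `parent-pkg` name are constructed for illustration.

```javascript
// Added example: flag typed-function installs below the patched 0.10.6.
const PATCHED = [0, 10, 6];

// true = affected (< 0.10.6), false = patched, null = not a plain version string.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return null; // git URL, tarball, missing field: review by hand
  const core = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (core[i] !== PATCHED[i]) return core[i] < PATCHED[i];
  }
  return Boolean(m[4]); // a prerelease of 0.10.6 sorts before 0.10.6
}

// Takes a parsed package-lock.json object and returns every typed-function install.
function findTypedFunction(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/typed-function' ||
        path.endsWith('/node_modules/typed-function')) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists,
  // since version 2 lockfiles carry both and would be counted twice).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'typed-function') hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfiles; "parent-pkg" is a hypothetical dependent package.
const sampleLockV1 = { lockfileVersion: 1, dependencies: {
  'parent-pkg': { version: '1.0.0',
    dependencies: { 'typed-function': { version: '0.10.5' } } },
  'typed-function': { version: '0.10.6' } } };
const sampleLockV3 = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/typed-function': { version: '0.10.7' },
  'node_modules/parent-pkg/node_modules/typed-function': { version: '0.9.2' } } };

console.log(findTypedFunction(sampleLockV1), findTypedFunction(sampleLockV3));
```

A transitive copy nested under another package is reported separately from the top-level one, so each install path can be checked against the patched version.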
References
Related Issues
- Svelecte item names vulnerable to execution of arbitrary JavaScript - CVE-2023-38687
- XSS vulnerability allowing arbitrary JavaScript execution - CVE-2021-41174
- Arbitrary Code Execution in mathjs (GHSA-vx5c-87qx-cv6c) - CVE-2017-1001002
- Arbitrary Code Execution in mathjs - CVE-2017-1001003
Tags
- npm
- typed-function
Last updated on January 09, 2023