mathjs Allows Improperly Controlled Modification of Dynamically-Determined Object Attributes

Severity:: High

Description

This security vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser.

Recommendation

Update the mathjs package to the latest compatible version. Followings are version details:

Affected version(s): >= 13.1.0, < 15.2.0
Patched version(s): 15.2.0

References

GHSA-jvff-x2qm-6286
CVE-2026-41139
CWE-915
CAPEC-310
OWASP 2021-A6
OWASP 2021-A8

Related Issues

Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util - CVE-2019-10806
Unsafe object property setter in mathjs - CVE-2026-40897
Parse Server's custom object ID allows to acquire role privileges - CVE-2024-47183
Axios: no_proxy bypass via IP alias allows SSRF - CVE-2026-42038

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; mathjs

Anything's wrong? Let us know Last updated on May 08, 2026