The package metacalc before 0.0.2... CVE-2022-21122

7.5 AV AC AU C I A
发布: 2022-06-08
修订: 2024-11-21

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor.

0%
暂无可用Exp或PoC
当前有1条受影响产品信息