CVE-2017-1001004

Description

typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

References

Link	Tags
https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe
https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106

Frequently Asked Questions

What is the severity of CVE-2017-1001004?: CVE-2017-1001004 has been scored as a high severity vulnerability.
How to fix CVE-2017-1001004?: To fix CVE-2017-1001004, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2017-1001004 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2017-1001004 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2017-1001004?: CVE-2017-1001004 affects typed-function typed-function.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Categories

CWE-94 – Improper Control of Generation of Code ('Code Injection')

CWE-20 – Improper Input Validation

References

Frequently Asked Questions