9.8
CVE-2026-41507
- EPSS 0.39%
- Veröffentlicht 08.05.2026 13:49:34
- Zuletzt bearbeitet 12.05.2026 14:26:48
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginRemote Code Execution (RCE) via String Literal Injection into math-codegen
math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse() is injected verbatim into a new Function() body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the parser. Any application exposing a math evaluation endpoint where user input flows into cg.parse() is vulnerable to full RCE. This issue has been patched in version 0.4.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mauriciopoppe ≫ Math-codegen Version < 0.4.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.309 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
https://github.com/mauriciopoppe/math-codegen/security/advisories/GHSA-p6x5-p4xf-cc4r
https://github.com/mauriciopoppe/math-codegen/pull/11
https://github.com/mauriciopoppe/math-codegen/commit/4bb52d3030683362b3559ee8dd91350555a05f6b