CVE-2017-1001004

Published: Nov 27, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

Affected (1)

Products: Typed Function Project: Typed Function

Typed Function Project

1 product

Typed Function

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Typed Function Project Typed Function	Before 0.10.6

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106

Source: 46fe6300-5254-4a98-9594-a9567bec8179

https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe

Source: 46fe6300-5254-4a98-9594-a9567bec8179

https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.