Critical severity9.8NVD Advisory· Published Nov 27, 2017· Updated Jun 17, 2026
CVE-2017-1001003
CVE-2017-1001003
Description
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mathjsnpm | < 3.17.0 | 3.17.0 |
Affected products
3- math.js/math.jsv5Range: 3.17.0
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.