High severity8.8NVD Advisory· Published Nov 27, 2017· Updated Jun 17, 2026
CVE-2017-1001004
CVE-2017-1001004
Description
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typed-functionnpm | < 0.10.6 | 0.10.6 |
Affected products
3cpe:2.3:a:typed_function_project:typed_function:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:typed_function_project:typed_function:*:*:*:*:*:*:*:*range: <0.10.6
- (no CPE)range: 0.10.6
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-3qh4-r86r-grvmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-1001004ghsaADVISORY
- github.com/josdejong/typed-function/blob/master/HISTORY.mdnvdWEB
- github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fenvdWEB
- github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6feghsaWEB
- snyk.io/vuln/SNYK-JS-TYPEDFUNCTION-174139ghsaWEB
- www.npmjs.com/advisories/819ghsaWEB
News mentions
0No linked articles in our index yet.