CVE-2017-1001004 — Arbitrary JavaScript Execution in typed-function

描述

Versions of `typed-function` prior to 0.10.6 are vulnerable to Arbitrary JavaScript Execution. Function names are not properly sanitized and may allow an attacker to execute arbitrary code. ## Recommendation Upgrade to version 0.10.6 or later.

如何修補 CVE-2017-1001004

要修補 CVE-2017-1001004,請將受影響套件升級到下列已修補版本。

npm/typed-function—升級至 0.10.6 或更新版本

CVE-2017-1001004 正在被利用嗎?

低 — EPSS 為 0.8%,目前沒有觀察到大規模利用活動。

受影響套件(1)

from 0, < 0.10.6

參考連結(6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2017-1001004
WEBgithub.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106
WEBgithub.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe
WEB