math-codegen Remote Code Execution Vulnerability via String Literal Injection
Vulnerability
A remote code execution vulnerability exists in math-codegen versions prior to 0.4.3. The issue arises because string literals sent to the function 'cg.parse()' are injected directly into a 'new Function()' body without any sanitization. This flaw enables attackers to execute arbitrary system commands if user-controlled input is allowed to reach the parser. Applications with a math evaluation endpoint that processes user input through 'cg.parse()' are susceptible to this vulnerability.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the server where the affected application is running.
Remediation
Users are advised to upgrade to math-codegen version 0.4.3 or later. The vulnerability has been fixed by modifying the code generation process to include proper sanitization of string literals, ensuring they are treated as data rather than executable code.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.