GHSA-29qv-4j9f-fjw5

Source

https://github.com/advisories/GHSA-29qv-4j9f-fjw5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-29qv-4j9f-fjw5/GHSA-29qv-4j9f-fjw5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-29qv-4j9f-fjw5

Aliases

CVE-2026-40897

Related

CGA-86p8-28p6-g554

Published

2026-04-16T22:38:43Z

Modified

2026-05-05T15:56:18.716502Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Unsafe object property setter in mathjs

Details

Impact

This security vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser.

Patches

The issue was introduced in mathjs v13.1.1, and patched in mathjs v15.2.0.

Workarounds

There is no workaround without upgrading to v15.2.0.

References

You can find out more via the commit fixing this issue: https://github.com/josdejong/mathjs/commit/513ab2a0e01004af91b31aada68fae8a821326ad (part of PR https://github.com/josdejong/mathjs/pull/3656).

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-16T22:38:43Z",
    "cwe_ids": [
        "CWE-915"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2026-04-24T17:16:20Z"
}

References

Affected packages

npm / mathjs

Package

Name: mathjs; View open source insights on deps.dev
Purl: pkg:npm/mathjs

Affected ranges

Type: SEMVER
Events: Introduced

13.1.1

Fixed

15.2.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-29qv-4j9f-fjw5/GHSA-29qv-4j9f-fjw5.json"