CNNVD-202511-1751 Information

CNNVD ID

CNNVD-202511-1751

Related CVE

CVE-2025-13204

• CNNVD Published: 2025-11-14

Description (Chinese)

JavaScript Expression Evaluator是Matthew Crumley个人开发者的一个数学计算器。 JavaScript Expression Evaluator存在安全漏洞，该漏洞源于原型污染，可能导致执行任意代码。

Description (English)

JavaScript Exchange Evaluator is a mathematical calculator for Matthew Crumley’s personal developer. JavaScript Expression Evaluator has a security loophole that originates from prototype contamination and may lead to the implementation of any code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-14

Last Modified

2026-02-24

References

https://github.com/SECCON/SECCON2022_final_CTF/blob/main/jeopardy/web/babybox/solver/solver.py https://github.com/jorenbroekema/expr-eval https://github.com/silentmatt/expr-eval https://github.com/silentmatt/expr-eval/pull/252/files https://github.com/vladko312/extras/blob/f549d505af300fd74a01b46fab2102990ff1c14d/expr-eval.py https://www.huntr.dev/bounties/1-npm-expr-eval/ https://www.npmjs.com/package/expr-eval-fork