CNNVD-202511-469 Information

CNNVD ID

CNNVD-202511-469

Related CVE

CVE-2025-12735

• CNNVD Published: 2025-11-05

Description (Chinese)

JavaScript Expression Evaluator是Matthew Crumley个人开发者的一个数学计算器。 JavaScript Expression Evaluator存在安全漏洞，该漏洞源于输入验证不足，可能导致执行任意代码。

Description (English)

JavaScript Exchange Evaluator is a mathematical calculator for Matthew Crumley’s personal developer. JavaScript Expression Evaluator has a security loophole, which stems from inadequate input validation and may lead to the implementation of any code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-05

Last Modified

2026-02-24

References

https://www.npmjs.com/package/expr-eval-fork https://github.com/jorenbroekema/expr-eval https://github.com/silentmatt/expr-eval/pull/288 https://github.com/jorenbroekema/expr-eval/blob/460b820ba01c5aca6c5d84a7d4f1fa5d1913c67b/test/security.js https://kb.cert.org/vuls/id/263614 https://www.kb.cert.org/vuls/id/263614 https://github.com/advisories/GHSA-jc85-fpwf-qm7x https://access.redhat.com/security/cve/cve-2025-12735