{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/mathjs/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["mathjs","rce","expression-injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eMath.js is a popular open-source mathematics library for JavaScript. A critical vulnerability (GHSA-jvff-x2qm-6286) exists in versions prior to 15.2.0, allowing arbitrary JavaScript execution. This flaw stems from improperly controlled modification of dynamically-determined object attributes within the expression parser. Applications that use math.js to evaluate user-provided mathematical expressions are susceptible. The vulnerability was reported on April 10, 2026, and a patch was released in version 15.2.0. Successful exploitation could lead to complete compromise of the application\u0026rsquo;s server-side environment, enabling data theft, system modification, or denial of service.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious mathematical expression designed to exploit the vulnerability in math.js.\u003c/li\u003e\n\u003cli\u003eThe attacker submits the malicious expression to a vulnerable application that uses math.js for expression parsing.\u003c/li\u003e\n\u003cli\u003eThe application\u0026rsquo;s server-side code receives the input and passes it to the math.js \u003ccode\u003eevaluate()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003eevaluate()\u003c/code\u003e function processes the expression, leading to unintended modification of object attributes.\u003c/li\u003e\n\u003cli\u003eThis modification triggers the execution of arbitrary JavaScript code embedded within the malicious expression.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s JavaScript code executes within the context of the server-side application, bypassing security controls.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive data, modifies system configurations, or installs malicious software.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves full remote code execution (RCE), compromising the entire application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to execute arbitrary JavaScript code on the server running the vulnerable application. This can result in complete system compromise, including unauthorized data access, data modification, and denial of service. If the compromised application has access to sensitive databases or internal systems, the attacker can pivot to further compromise the internal network. The vulnerability affects any application that uses math.js \u0026lt; 15.2.0 and allows users to evaluate arbitrary expressions, with potentially widespread consequences depending on the application\u0026rsquo;s role and permissions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade math.js to version 15.2.0 or later to patch the vulnerability (GHSA-jvff-x2qm-6286).\u003c/li\u003e\n\u003cli\u003eIf immediate patching is not possible, consider disabling or restricting user-provided expression evaluation functionality.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules below to your SIEM to detect potential exploitation attempts against vulnerable math.js instances.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious patterns in user input indicative of expression injection attacks.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures to prevent malicious expressions from reaching the math.js parser.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-11T12:00:00Z","date_published":"2026-04-11T12:00:00Z","id":"/briefs/2026-04-mathjs-rce/","summary":"A vulnerability in math.js versions before 15.2.0 allows for arbitrary JavaScript execution through the expression parser when evaluating user-supplied expressions.","title":"Math.js Improperly Controlled Modification of Object Attributes Leads to RCE","url":"https://feed.craftedsignal.io/briefs/2026-04-mathjs-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Mathjs","version":"https://jsonfeed.org/version/1.1"}