math-codegen, Remote Code Execution (RCE) via String Literal Injection, GHSA-p6x5-p4xf-cc4r (Critical) The vulnerability resides in how `math-codegen` processes string literals. When an application passes user‑controlled input to cg.parse(), the library does not sanitize or escape the string content. Instead, it injects that content verbatim into the body of a dynamically generated JavaScript function using new Function(...). This turns any unsanitized string literal into executable code. An attacker can craft a malicious expression containing system commands (e.g., …...
math-codegen Remote Code Execution Vulnerability
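The injection pattern the post above describes, reproduced on a toy code generator as an added example (not code from the post or from math-codegen). The AST shape and the names `emitUnsafe`, `emitSafe`, `compile` and `run` are hypothetical, and the sample input is constructed and only sets a harmless marker.

```javascript
// Toy code generator (hypothetical; NOT math-codegen's source). It turns a tiny
// AST into the body of a function built with new Function(), the pattern the
// advisory describes.

// Vulnerable emitter: a string node's content is pasted between quotes as-is.
function emitUnsafe(node) {
  switch (node.type) {
    case 'number': return String(Number(node.value));
    case 'string': return "'" + node.value + "'";
    case 'concat': return '(' + node.parts.map(emitUnsafe).join(' + ') + ')';
    default: throw new TypeError('unknown node type: ' + node.type);
  }
}

// Hardened emitter: JSON.stringify yields a fully escaped JS string literal,
// so the content cannot terminate the literal early.
function emitSafe(node) {
  switch (node.type) {
    case 'number': return String(Number(node.value));
    case 'string': return JSON.stringify(String(node.value));
    case 'concat': return '(' + node.parts.map(emitSafe).join(' + ') + ')';
    default: throw new TypeError('unknown node type: ' + node.type);
  }
}

// Builds the function the same way for both emitters; only the emitted
// source text differs.
function compile(ast, emit) {
  return new Function('scope', 'return ' + emit(ast) + ';');
}

// Constructed input: a string literal whose content closes the quote and
// appends an expression. The expression only flips a marker on `scope`.
const hostile = { type: 'string', value: "a' + (scope.injected = true, '') + 'b" };

// Compiles and runs the hostile literal, reporting whether its content ran as code.
function run(emit) {
  const scope = { injected: false };
  const result = compile(hostile, emit)(scope);
  return { result, injected: scope.injected };
}

console.log('unsafe:', run(emitUnsafe));
console.log('safe:  ', run(emitSafe));
```

With the unsafe emitter the literal's content executes and the marker flips; with the escaped emitter the same input comes back unchanged as data.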
-
mathjs, Improperly Controlled Modification of Dynamically-Determined Object Attributes, GHSA-jvff-x2qm-6286 (High) The vulnerability resides in the expression parser of the mathjs library, specifically in how it handles dynamically‑determined object attributes. When a user‑supplied expression is evaluated, the parser fails to properly sanitize or restrict the modification of these dynamic attributes. An attacker can craft an expression that manipulates object properties in a way that escapes the intended sandbox. By leveraging JavaScript’s prototype chain or by overwriting internal methods, the malicious expression can break out of the parser’s context and execute arbitrary JavaScript code....
-
So, Claude Code leaked source files we have

Some hours ago Claude Code "by human mistake" pushed the source-maps of their TS code base into their NPM registry, and we all can learn more about the "Machines of Loving Grace" or at least about the client wrapper for those AGI "in 6 months only plumbers will survive" things.

What's inside? It looks like a wrapper app with layered instructions and modes to proxy and enrich user's prompts to LLM and back. It has multiple layers, different modes, internal tools and other things including Anti-distillation stubs. Yep, this is a simplification from my side.

Fun stuff from the code base:
- 90 TODOs. I love the `// TODO: figure out why` and `// TODO: Clean this up`.
- 152 eslint-disable including 37 react-hooks/exhaustive-deps
- 29 deprecated labels
- Exposed full names of Anthropic Safeguards team. Damn, this is so secure!
- "Code review skill" that is 3 agents running in parallel (to limit context window?) with checklists instructions .md.
- "Local review skill" that starts with "You are an expert code reviewer. Follow these steps:".
- "Security review skill" that starts with "You are a senior security engineer conducting a focused security review".
- "Agent creation skill" that starts with "You are an elite AI agent architect specializing in crafting high-performance agent configurations.". Elite? Why not add "Supa-dupa-mega-VIP" to make the skill even better?

If the "coding is solved" for Boris Cherny, then why do they have deprecated labels, eslint-disable, TODO things, being on the verge of AGI breakthrough? If they can use custom code or even assembly code, why do they use React, Axios, Bun, Crypto, Electron.js, Lodash, Chalk? And finally, I like their negative sentiment analysis "AGI engine" that is a single regex with red-flag words.

To me all of that looks like a nice medium-sized application developed by the team of enthusiastic people with its own trade-offs, common popular dependencies, standard architectural patterns. Yes, according to the versioning number Anthropic does a lot of automated code generation, but Claude Code has the same signs of any modern app, with its pros and cons. This is not the God-like sentient machine code. This is average industry code. Tech bros, guys, stop anthropomorphizing your forward text generators, they are tools, not Gods. AI Skills are just sets of instructions. Jenkins had agents for years, but nobody sold them as singularity sentient entities. Cut these mystifications and build a better world for humans, instead of twisting meanings.
-
AgentService (Nodejs), YAML Deserialization RCE, CVE-2020-8131 (Critical) The CVE-2020-8131 vulnerability exists in the js-yaml library when the `load()` function parses YAML without a safe schema. By default, js-yaml supports custom tags like `!!js/function` and !!js/undefined, which allow embedding and evaluating JavaScript code. The vulnerable `AgentService.loadAgentFromFile` method at `src/agents/agent.service.ts:55` calls `yaml.load(fileContent)` without specifying `JSON_SCHEMA` or DEFAULT_SAFE_SCHEMA. An attacker crafts a YAML file containing !!js/function > function(){ require('child_process').execSync('touch /tmp/pwned') }...
-
🤔 Why do we use JSON.stringify() when sending data over a network?

It's not just a JavaScript quirk — it's a fundamental concept in systems design. Most developers use it out of habit. But understanding why reveals something deeper about how computers actually work.

Your object isn't data — it's memory. When you create a JavaScript object, it lives in your machine's heap — a web of pointers and engine-specific structures that only your running process understands. V8 lays it out differently than SpiderMonkey. Those memory addresses mean absolutely nothing to a client across the wire. You can't "send" memory. You can only send bytes.

Think of it like a thought in your head — rich and instant, but impossible to transmit directly. You translate it into words first. JSON.stringify() is that translation.

JS sends: "[object Object]" — useless
res.send(userObject);
// Serializes into something transferable
res.json(userObject); // JSON.stringify() under the hood

This is where the OSI Model connects. Your JS code lives at Layer 7 (Application). But by the time your data hits Layer 1 (Physical) — electrical signals, fiber, radio waves — it's been broken down and re-wrapped multiple times. Every layer speaks its own format.

Layer 7 - Application → JSON.stringify() your object
Layer 6 - Presentation → Encoding & encryption (TLS)
Layer 4 - Transport → TCP segments
Layer 3 - Network → IP routing
Layer 1 - Physical → Raw bits on the wire

JSON.stringify() is your first step in that entire journey. This isn't a JavaScript problem. Python pickles. Java serializes. Go marshals. Every language faces the same constraint — data must become portable before it can travel.

The takeaway? JSON.stringify() isn't just a utility function. It's Layer 7 doing its job — preparing your data for a journey through the entire network stack. The best engineers don't just know what works. They know where it fits in the bigger picture.
-
simple-git, Command Injection Bypass, N/A (critical) The vulnerability arises from an incorrect patch for CVE-2022-25860 in simple-git versions ≤3.28.0. The library allows JavaScript to run native Git commands. Some Git options (e.g., -u, --upload-pack) can execute arbitrary commands, so they are blocked unless `allowUnsafePack` is explicitly enabled. The blocking logic resides in block-unsafe-operations-plugin.ts, which uses regex patterns to reject options like `-u` and…...
-
The Basics of JavaScript's Memory Management

Understanding how JavaScript manages memory is key to writing efficient code. You need to know about the Call Stack and Heap.
- The Call Stack is a data structure that stores information about active execution contexts.
- It uses a Last In, First Out mechanism.
- The Heap is a flexible memory space used for dynamic memory allocation.

You can think of the Call Stack like a stack of plates. When a function is called, a new plate is added. When the function finishes, the plate is removed. For example: ``` is not allowed, so here is a simple description

You have three functions: firstFunction, secondFunction, and thirdFunction. firstFunction calls secondFunction, and secondFunction calls thirdFunction. Each function is added to the Call Stack, then removed when it finishes.

The Call Stack has a size limit. Too much recursion can cause a "Stack Overflow". You must have a base case to stop recursion.

The Heap is different. It's used for objects, arrays, and functions that are not known at compile-time. Memory management in the Heap is more complex. Developers have less control over when memory is allocated or freed.

You can use techniques like debouncing and throttling to optimize function usage. Memoization can also improve performance by caching results of expensive function calls.

To avoid memory leaks, you should:
- Avoid global variables
- Clean up event listeners
- Use weak references

Understanding memory management is crucial for debugging. You can use tools like DevTools to analyze memory usage and detect leaks.

Source: https://lnkd.in/gtR6kteF