Уязвимость CVE-2019-20149

CVE-2019-20149

CVSS3: 7.5

ubuntu

около 6 лет назад

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

CVE-2019-20149

CVSS3: 5.9

redhat

около 6 лет назад

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

CVE-2019-20149

CVSS3: 7.5

nvd

около 6 лет назад

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

CVE-2019-20149

CVSS3: 7.5

debian

около 6 лет назад

ctorName in index.js in kind-of v6.0.2 allows external user input to o ...

GHSA-6c8f-qphg-qjgp

CVSS3: 7.5

github

почти 6 лет назад

Validation Bypass in kind-of

exploitDog

CVE-2019-20149

Описание

Возможность эксплуатации

Связанные уязвимости