Description
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. To examine an object, valib calls a built-in function (hasOwnProperty) that it looks up on the unsafe user input itself. A crafted payload can overwrite this function and so manipulate the inspection results to bypass security checks.
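The pattern described above next to its hardened form, as an added example that is not valib's code or API: the helper names, the `role` policy and all sample inputs are hypothetical and constructed for illustration.

```javascript
// Vulnerable pattern: the method is looked up on the untrusted object,
// so an own property named "hasOwnProperty" shadows the built-in.
function hasFieldUnsafe(obj, key) {
  return obj.hasOwnProperty(key);
}

// Hardened pattern: call the built-in from Object.prototype directly,
// so nothing stored on the input object can influence the answer.
function hasFieldSafe(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key);
}

// Hypothetical policy check: reject input that carries a forbidden field.
function rejectForbidden(obj, hasField) {
  const forbidden = ['role'];
  return forbidden.some((key) => hasField(obj, key));
}

// Constructed inputs (assumptions, not taken from the advisory).
// 1. An in-process object whose own hasOwnProperty always answers false.
const shadowed = { role: 'admin', hasOwnProperty: () => false };
// 2. Parsed JSON cannot carry a function, but it can still shadow the name.
const fromJson = JSON.parse('{"role":"admin","hasOwnProperty":1}');
// 3. An object without a prototype has no hasOwnProperty at all.
const noProto = Object.assign(Object.create(null), { role: 'admin' });

function unsafeOutcome(obj) {
  try {
    return rejectForbidden(obj, hasFieldUnsafe) ? 'rejected' : 'accepted';
  } catch (err) {
    return 'threw ' + err.name; // the check crashes instead of deciding
  }
}

function safeOutcome(obj) {
  return rejectForbidden(obj, hasFieldSafe) ? 'rejected' : 'accepted';
}

for (const [name, obj] of Object.entries({ shadowed, fromJson, noProto })) {
  console.log(name, '| unsafe:', unsafeOutcome(obj), '| safe:', safeOutcome(obj));
}
```

On runtimes with ES2022 support, `Object.hasOwn(obj, key)` gives the same result as the hardened helper.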
References
- Exploit, Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 2.0.0
cpe:2.3:a:sideralis:valib.js:*:*:*:*:*:node.js:*:*
EPSS: 0.00227 (percentile: 45%, Low)
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-668