An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisory: GHSA-pmpr-vc5q-h3jw (GitHub node ID MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtcHItdmM1cS1oM2p3)

Severity: Moderate | CVSS: 7.5 | EPSS score: 0.00227 (percentile 0.45388)

Exposure of Resource to Wrong Sphere in valib

Affected Packages

Package: npm:valib (PURL: pkg:npm/valib)
Affected versions: <= 2.0.0
Fixed versions: No known fixed version
Dependent packages: 7
Dependent repositories: 45
Downloads last month: 414

Affected Version Ranges

All affected versions: 1.0.0, 2.0.0

valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several of the inspection functions valib provides. Those functions invoke the built-in hasOwnProperty as a method on the untrusted input object itself (obj.hasOwnProperty(...)) rather than calling Object.prototype.hasOwnProperty with the object as the receiver, so a payload that defines its own hasOwnProperty property replaces the built-in with attacker-supplied behaviour and controls the outcome of the inspection. An application that relies on those results for security decisions can therefore be made to accept a malformed or malicious object. No fixed version is known.
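The following is an added illustration of the bug class the advisory describes; it is not valib's source and the function names are hypothetical stand-ins for the inspection helpers. It shows the vulnerable method-on-input pattern beside the hardened form, and two constructed payloads: one where the attacker controls a live object and can shadow hasOwnProperty with a function, and one where the attacker only controls JSON and can at least crash the check.

```javascript
// Added example, not valib's code. Helper names are hypothetical.

// Vulnerable pattern: hasOwnProperty is looked up on the untrusted object,
// so the object itself decides what code runs.
function hasRequiredFieldUnsafe(obj, key) {
  return obj.hasOwnProperty(key);
}

// Hardened pattern: take hasOwnProperty from Object.prototype and call it
// with the untrusted object as receiver. A same-named own property on the
// payload is then just data. Object.hasOwn(obj, key) (ES2022) is equivalent.
function hasRequiredFieldSafe(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key);
}

// Constructed payload 1: attacker controls a live object (e.g. via an unsafe
// merge or deserializer) and shadows hasOwnProperty with an always-true stub.
const payloadFunction = {
  hasOwnProperty: function () { return true; },
};

// Constructed payload 2: attacker only controls JSON. JSON cannot carry a
// function, but a string in that slot makes obj.hasOwnProperty(...) throw
// a TypeError, turning the inspection into a denial of service.
const payloadJson = JSON.parse('{"hasOwnProperty": "x"}');

// Constructed payload 3: a prototype-less object has no hasOwnProperty at all,
// which also breaks the unsafe helper.
const payloadNullProto = Object.create(null);
payloadNullProto.token = "abc";

function demo() {
  const results = {};

  // "token" does not exist on payload 1, yet the unsafe check says it does.
  results.unsafeFooled = hasRequiredFieldUnsafe(payloadFunction, "token"); // true
  results.safeCorrect = hasRequiredFieldSafe(payloadFunction, "token");    // false

  // Unsafe helper crashes on the JSON payload; the safe helper still works.
  try {
    hasRequiredFieldUnsafe(payloadJson, "token");
    results.unsafeThrowsOnJson = false;
  } catch (e) {
    results.unsafeThrowsOnJson = e instanceof TypeError;
  }
  results.safeOnJson = hasRequiredFieldSafe(payloadJson, "token"); // false, real answer

  // Prototype-less input: unsafe helper throws, safe helper answers correctly.
  try {
    hasRequiredFieldUnsafe(payloadNullProto, "token");
    results.unsafeThrowsOnNullProto = false;
  } catch (e) {
    results.unsafeThrowsOnNullProto = e instanceof TypeError;
  }
  results.safeOnNullProto = hasRequiredFieldSafe(payloadNullProto, "token"); // true

  return results;
}
```

Any validator that is handed attacker-influenced objects should use the second form (or Object.hasOwn) for every own-property test, and should treat a thrown TypeError from the check as a rejection rather than letting it propagate as an unhandled error.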
