6 matches found
kind-of injection vulnerability
kind-of is a JavaScript type checking package. An injection vulnerability exists in the 'ctorName' function of the index.js file in kind-of version v6.0.2, which can be exploited by an attacker to override internal attributes and manipulate the results of type checking...
AZL-44298 CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
CVE-2019-20149
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
Design/Logic Flaw
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
CVE-2019-20149
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
CVE-2019-20149
CVE-2019-20149 pertains to kind-of v6.0.2 where ctorName in index.js can be overwritten via a crafted payload to alter type-detection results by exploiting a conflicting name (e.g., 'constructor': {'name':'Symbol'}). The IBM QRadar Use Case Manager bulletin (connected doc) aggregates this CVE amo...