4 matches found
CVE-2019-19507
In jpv aka Json Pattern Validator before 2.1.1, compareCommon can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': 'name':'Array'. This affects validate. Hence, a crafted payload can overwrite this builtin attribute to...
CVE-2019-19507
In jpv aka Json Pattern Validator before 2.1.1, compareCommon can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': 'name':'Array'. This affects validate. Hence, a crafted payload can overwrite this builtin attribute to...
CVE-2019-19507
In jpv aka Json Pattern Validator before 2.1.1, compareCommon can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': 'name':'Array'. This affects validate. Hence, a crafted payload can overwrite this builtin attribute to...
CVE-2019-19507
CVE-2019-19507 affects jpv (Json Pattern Validator) prior to version 2.1.1. The vulnerability arises in compareCommon(), where internal attributes can be overwritten via a conflicting property name (e.g., constructor: { name: 'Array' }), allowing an attacker to bypass validation logic and manipul...