2 matches found
GHSA-PMPR-VC5Q-H3JW Exposure of Resource to Wrong Sphere in valib
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function hasOwnProperty from the unsafe user-input to examine an object. It is possible for a crafted payload to overwri...
Internal Property Tampering
Overview taffy is an opensouce library that brings database features into your JavaScript applications. Affected versions of this package are vulnerable to Internal Property Tampering. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be...