6 matches found
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name as demonstrated by 'constructor': {'name':'Symbol'}. Hence a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
...
SUSE CVE-2019-20149
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
@copart/ops-tool-kit (>=0.0.37 <=0.0.53), @openfin/multer-s3 (>=2.0.0 <=2.2.0) +4 more potentially affected by CVE-2019-20149 via kind-of (=6.0.2)
kind-of NPM version =6.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on kind-of and may be impacted: - @copart/ops-tool-kit =0.0.37, =2.0.0, =0.0.1, =0.0.3, =0.1.0, =1.2.6 Source cves: CVE-2019-20149 Source advisory: OSV:GHSA-6C8F-QPHG-QJGP...
DEBIAN-CVE-2019-20149
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
AZL-47271 CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
UBUNTU-CVE-2019-20149
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...