Lucene search
K

6 matches found

Microsoft CVE
Microsoft CVE
added 2024/09/11 7:0 a.m.8 views

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name as demonstrated by 'constructor': {'name':'Symbol'}. Hence a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

...

7.5CVSS7.7AI score0.02278EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 4:5 a.m.5 views

SUSE CVE-2019-20149

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5CVSS7.3AI score0.02278EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2020/03/31 3:59 p.m.7 views

@copart/ops-tool-kit (>=0.0.37 <=0.0.53), @openfin/multer-s3 (>=2.0.0 <=2.2.0) +4 more potentially affected by CVE-2019-20149 via kind-of (=6.0.2)

kind-of NPM version =6.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on kind-of and may be impacted: - @copart/ops-tool-kit =0.0.37, =2.0.0, =0.0.1, =0.0.3, =0.1.0, =1.2.6 Source cves: CVE-2019-20149 Source advisory: OSV:GHSA-6C8F-QPHG-QJGP...

7.5CVSS7.1AI score0.02278EPSS
Exploits1
OSV
OSV
added 2019/12/30 7:15 p.m.1 views

DEBIAN-CVE-2019-20149

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5CVSS7.8AI score0.02278EPSS
Exploits1References1
OSV
OSV
added 2019/12/30 7:15 p.m.10 views

AZL-47271 CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5CVSS7.2AI score0.02278EPSS
Exploits1References1
OSV
OSV
added 2019/12/30 7:15 p.m.4 views

UBUNTU-CVE-2019-20149

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5CVSS6.7AI score0.02278EPSS
Exploits1References4
Rows per page
Query Builder