2 matches found
Internal Property Tampering
Overview schema-inspector is a JSON API sanitisation and validation module. Affected versions of this package are vulnerable to Internal Property Tampering. A maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector. Remediation Upgrade...
GHSA-4R4M-HJWJ-43P8 Insecure Defaults Allow MITM Over TLS in engine.io-client
Affected versions of engine.io-client do not verify certificates by default, and as such may be vulnerable to Man-in-the-Middle attacks. The vulnerability is related to the way that node.js handles the rejectUnauthorized setting. If the value is something that evaluates to false, such as undefine...