PT-2019-5802 · Npm · Kind-Of
Xiaofen9
Published 2019-12-30 · Updated 2021-05-25
CVE-2019-20149
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
kind-of versions 6.0.0 through 6.0.2
Description
The issue is related to insufficient input validation in the kind-of library, which can be exploited by a remote attacker to cause a denial of service. Specifically, ctorName in index.js of kind-of version 6.0.2 allows external user input to overwrite internal attributes via a conflicting name. A crafted payload can manipulate the type detection result by overwriting a built-in attribute. This can enable attackers to bypass type checking validation.
Recommendations
For kind-of versions 6.0.0 through 6.0.2, upgrade to version 6.0.3 or later.
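The pattern described above can be checked with a small regression test. This is an added example, a simplified model and not the kind-of source; the names naiveCtorName, safeCtorName and kindOfModel are hypothetical, and the hardened check is one way to close the gap, not necessarily the change shipped in 6.0.3.

```javascript
// Simplified model of constructor-name based type detection (not the kind-of source).

// Weak pattern: trusts whatever sits in `constructor`, including a plain
// data property that arrived with parsed user input.
function naiveCtorName(val) {
  return val.constructor ? val.constructor.name : null;
}

// Hardened pattern: a genuine constructor is always a function. JSON cannot
// encode functions, so a parsed payload can no longer supply a fake name.
function safeCtorName(val) {
  return typeof val.constructor === 'function' ? val.constructor.name : null;
}

// Minimal type detector, parameterised by the helper under test.
function kindOfModel(val, ctorName) {
  if (val === null) return 'null';
  if (val === undefined) return 'undefined';
  if (typeof val !== 'object') return typeof val;
  if (Array.isArray(val)) return 'array';
  switch (ctorName(val)) {
    case 'Symbol': return 'symbol';
    case 'Promise': return 'promise';
    case 'Map': return 'map';
    case 'Set': return 'set';
    default: return 'object';
  }
}

// Constructed sample input: an untrusted JSON body whose key name conflicts
// with the built-in `constructor` attribute.
const untrusted = JSON.parse('{"constructor": {"name": "Symbol"}}');

// Results a validation layer would see with each helper.
function runChecks() {
  return {
    naive: kindOfModel(untrusted, naiveCtorName),       // misreported type
    hardened: kindOfModel(untrusted, safeCtorName),     // correct type
    realMap: kindOfModel(new Map(), safeCtorName),      // genuine built-in still detected
    nullProto: kindOfModel(Object.create(null), safeCtorName), // no constructor at all
  };
}

console.log(runChecks());
```

A validator that only accepts values reported as plain objects would make the wrong decision on the naive result, which is the type-checking bypass the description refers to.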
Exploit
Fix
RCE
Exposure of Resource to Wrong Sphere
Related identifiers
Affected products
Kind-Of