PT-2019-5802 · Npm · Kind-Of
Xiaofen9
·
Published
2019-12-30
·
Updated
2021-05-25
·
CVE-2019-20149
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
kind-of versions 6.0.0 through 6.0.2
Description
The issue is caused by insufficient input validation in the kind-of library and can be exploited by a remote attacker who controls the value being classified. Specifically, the
ctorName function in index.js of kind-of 6.0.2 reads val.constructor.name whenever val.constructor is truthy, so an attacker-supplied object that carries its own "constructor" property (for example a parsed JSON body of the form {"constructor": {"name": "Symbol"}}) overwrites the built-in attribute and manipulates the type detection result. Application code that branches on that result can therefore have its type checks bypassed. The impact is to integrity (a wrong type decision), which matches the CVSS vector C:N/I:H/A:N, rather than a denial of service.
Recommendations
For kind-of versions 6.0.0 through 6.0.2, upgrade to version 6.0.3 or later.
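The following is an added example, not code from the kind-of project or from this advisory. The two ctorName variants reproduce the one-line difference between kind-of 6.0.2 and the 6.0.3 fix; makeKindOf is a reduced stand-in for the library's detection order (not its full implementation), stripOperatorKeys is a hypothetical consumer that trusts the type-detection result, and both JSON payloads are constructed for the demonstration.

```javascript
// Added example: not code from the kind-of project or from the advisory.
// ctorNameVulnerable / ctorNameFixed mirror the 6.0.2 -> 6.0.3 change;
// makeKindOf is a reduced stand-in for kind-of's detection order;
// stripOperatorKeys is a hypothetical consumer; the payloads are constructed.

// kind-of 6.0.2: any truthy "constructor" property is trusted, including an
// own data property supplied by the attacker.
function ctorNameVulnerable(val) {
  return val.constructor ? val.constructor.name : null;
}

// kind-of 6.0.3: only a real function is accepted as the constructor, so an
// attacker-controlled plain object stored under "constructor" is ignored.
function ctorNameFixed(val) {
  return typeof val.constructor === 'function' ? val.constructor.name : null;
}

// Reduced stand-in for kind-of's detection order: primitives, arrays, the
// constructor-name switch, then the Object.prototype.toString fallback.
function makeKindOf(ctorName) {
  return function kindOf(val) {
    if (val === undefined) return 'undefined';
    if (val === null) return 'null';
    const type = typeof val;
    if (type !== 'object') return type; // boolean, string, number, symbol, function
    if (Array.isArray(val)) return 'array';
    switch (ctorName(val)) {
      case 'Symbol': return 'symbol';
      case 'Promise': return 'promise';
      case 'Map': return 'map';
      case 'Set': return 'set';
    }
    const tag = Object.prototype.toString.call(val); // e.g. "[object Date]"
    if (tag === '[object Object]') return 'object';
    return tag.slice(8, -1).toLowerCase();
  };
}

const kindOfVulnerable = makeKindOf(ctorNameVulnerable);
const kindOfFixed = makeKindOf(ctorNameFixed);

// Constructed attacker input. JSON.parse creates an *own* "constructor"
// property on the result, shadowing Object.prototype.constructor.
const SYMBOL_PAYLOAD = '{"constructor":{"name":"Symbol"}}';
const PROMISE_PAYLOAD = '{"constructor":{"name":"Promise"},"$where":"this.admin === true"}';

function detect(kindOf, json) {
  return kindOf(JSON.parse(json));
}

// Hypothetical consumer: strip "$"-prefixed operator keys from every plain
// object before the value reaches a query builder. Anything kind-of does not
// classify as a plain object is passed through untouched, which is exactly the
// decision the attacker can steer.
function stripOperatorKeys(kindOf, value) {
  const kind = kindOf(value);
  if (kind === 'array') return value.map((v) => stripOperatorKeys(kindOf, v));
  if (kind !== 'object') return value;
  const clean = {};
  for (const key of Object.keys(value)) {
    if (key.startsWith('$')) continue;
    clean[key] = stripOperatorKeys(kindOf, value[key]);
  }
  return clean;
}

// true if a "$" key is still present after sanitisation.
function operatorKeySurvives(kindOf, json) {
  return Object.keys(stripOperatorKeys(kindOf, JSON.parse(json))).some((k) => k.startsWith('$'));
}

console.log('6.0.2 classifies payload as:', detect(kindOfVulnerable, SYMBOL_PAYLOAD)); // symbol
console.log('6.0.3 classifies payload as:', detect(kindOfFixed, SYMBOL_PAYLOAD));      // object
console.log('$where survives with 6.0.2:', operatorKeySurvives(kindOfVulnerable, PROMISE_PAYLOAD)); // true
console.log('$where survives with 6.0.3:', operatorKeySurvives(kindOfFixed, PROMISE_PAYLOAD));      // false
```

The fix does not validate the object's contents; it only stops treating a non-function "constructor" value as evidence of a built-in type, so the attacker's object falls through to the toString fallback and is reported as the plain object it is. Consumers that gate sanitisation or validation on a kind-of result should still upgrade rather than filter the "constructor" key themselves, since the same shadowing works for any key the detection code reads off the value.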
Exploit
Fix
RCE
Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Kind-Of