PT-2020-9146 · Undefsafe · Undefsafe

Published 2020-02-18 · Updated 2022-02-09 · CVE-2019-10795

CVSS v2.0: 6.5 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

undefsafe versions prior to 2.0.3

Description

The issue allows the 'a' function to be tricked into adding or modifying properties of Object.prototype using a __proto__ payload, which is a type of Prototype Pollution. This occurs because the function is not properly protected against such payloads.

Recommendations

For versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the 'a' function until a patch is available.
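
An added example, not undefsafe's code and not part of the original advisory: a generic dotted-path setter beside a guarded form, showing why a path segment of __proto__ reaches Object.prototype and how rejecting such segments prevents it. The names setPathNaive, setPathSafe and checkSetters and the key pollutedDemo are hypothetical and constructed for illustration.

```javascript
// Hypothetical helpers for illustration; this is not undefsafe's implementation.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Naive setter: follows every segment, including inherited accessors,
// so a "__proto__" segment walks from the target onto Object.prototype.
function setPathNaive(obj, path, value) {
  const keys = path.split('.');
  let node = obj;
  for (const key of keys.slice(0, -1)) {
    if (node[key] === undefined) return undefined;
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return value;
}

// Guarded setter: rejects blocked segments and descends only through
// own properties of plain objects, never through the prototype chain.
function setPathSafe(obj, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => BLOCKED_KEYS.has(k))) {
    throw new TypeError('refusing unsafe path segment in: ' + path);
  }
  let node = obj;
  for (const key of keys.slice(0, -1)) {
    if (node === null || typeof node !== 'object' ||
        !Object.prototype.hasOwnProperty.call(node, key)) return undefined;
    node = node[key];
  }
  if (node === null || typeof node !== 'object') return undefined;
  node[keys[keys.length - 1]] = value;
  return value;
}

// Runs both setters against a constructed path and reports the outcome.
function checkSetters() {
  const result = { naivePolluted: false, safeRejected: false, safePolluted: false };
  setPathNaive({}, '__proto__.pollutedDemo', 'x');
  result.naivePolluted = ({}).pollutedDemo === 'x'; // unrelated object is affected
  delete Object.prototype.pollutedDemo;             // restore global state
  try {
    setPathSafe({}, '__proto__.pollutedDemo', 'x');
  } catch (e) {
    result.safeRejected = e instanceof TypeError;
  }
  result.safePolluted = 'pollutedDemo' in {};
  return result;
}
```

The same segment check is a useful review item for any code that turns untrusted strings into property paths, in addition to upgrading to 2.0.3 or later.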

Exploit

Fix

Special Elements Injection


Weakness Enumeration

Related Identifiers

AZL-44064
CVE-2019-10795
GHSA-332Q-7FF2-57H2
SNYK-JS-UNDEFSAFE-548940

Affected Products

Undefsafe