CVE-2019-10805

Name of the Vulnerable Software and Affected Versions valib versions through 2.0.0

Description The issue allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks.

Recommendations For valib versions through 2.0.0, consider disabling the use of the hasOwnProperty function from unsafe user-input until a patch is available. Restrict access to the inspection functions provided by valib to minimize the risk of exploitation. Avoid using the hasOwnProperty function in the affected JavaScript objects until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.