CVE-2019-10805
HIGHvalib.js < 2.0.0 - Internal Property Tampering via hasOwnProperty Override
Title source: llmDescription
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-VALIB-559015
Third Party Advisory x_refsource_misc
https://www.npmjs.com/package/valib
Scores
CVSS v3
7.5
EPSS
0.0140
EPSS Percentile
69.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-668
Status
published
Products (2)
npm/valib
0npm
sideralis/valib.js
< 2.0.0
Published
Feb 28, 2020
Tracked Since
Feb 18, 2026