VYPR
High severityNVD Advisory· Published Dec 30, 2019· Updated Aug 5, 2024

CVE-2019-20149

CVE-2019-20149

Description

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
kind-ofnpm
>= 6.0.0, < 6.0.36.0.3

Affected products

2
  • kind-of/kind-ofdescription
  • ghsa-coords
    Range: >= 6.0.0, < 6.0.3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.