Main Vulnerability Database SB2020030907

SB2020030907 - Exposure of Resource to Wrong Sphere in valib JavaScript library

Published: March 9, 2020

Security Bulletin ID SB2020030907

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2019-10805)

The vulnerability allows a remote attacker to bypass security checks.

The vulnerability exists due to internal property tampering issue. A remote attacker can use a specially crafted JavaScript object to bypass several inspection functions via the "hasOwnProperty" built-in function and bypass security checks.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://snyk.io/vuln/SNYK-JS-VALIB-559015
https://www.npmjs.com/package/valib