Vulnerabilities > CVE-2019-20149 - Exposure of Resource to Wrong Sphere vulnerability in Kind-Of Project Kind-Of 6.0.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

kind-of-project

CWE-668

NVD

Published: 2019-12-30

Updated: 2020-08-24

Summary

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

Vulnerable Configurations

Part	Description	Count
Application	Kind-Of_Project Kind OF Project Kind OF 6.0.2	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://github.com/jonschlinkert/kind-of/issues/30
https://github.com/jonschlinkert/kind-of/pull/31