ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
CVE-2019-20149 - Medium Severity Vulnerability
kind-of-3.2.2.tgz
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz
Path to dependency file: /tmp/ws-scm/binr/package.json
Path to vulnerable library: /tmp/ws-scm/binr/node_modules/is-number/node_modules/kind-of/package.json
Dependency Hierarchy: - jest-24.9.0.tgz (Root Library) - jest-cli-24.9.0.tgz - core-24.9.0.tgz - micromatch-3.1.10.tgz - snapdragon-0.8.2.tgz - base-0.11.2.tgz - class-utils-0.3.6.tgz - static-extend-0.1.2.tgz - object-copy-0.1.0.tgz - :x: **kind-of-3.2.2.tgz** (Vulnerable Library)
kind-of-4.0.0.tgz
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz
Path to dependency file: /tmp/ws-scm/binr/package.json
Path to vulnerable library: /tmp/ws-scm/binr/node_modules/has-values/node_modules/kind-of/package.json
Dependency Hierarchy: - jest-24.9.0.tgz (Root Library) - jest-cli-24.9.0.tgz - core-24.9.0.tgz - micromatch-3.1.10.tgz - snapdragon-0.8.2.tgz - base-0.11.2.tgz - cache-base-1.0.1.tgz - has-value-1.0.0.tgz - has-values-1.0.0.tgz - :x: **kind-of-4.0.0.tgz** (Vulnerable Library)
kind-of-6.0.2.tgz
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz
Path to dependency file: /tmp/ws-scm/binr/package.json
Path to vulnerable library: /tmp/ws-scm/binr/node_modules/kind-of/package.json
Dependency Hierarchy: - jest-24.9.0.tgz (Root Library) - jest-cli-24.9.0.tgz - core-24.9.0.tgz - micromatch-3.1.10.tgz - :x: **kind-of-6.0.2.tgz** (Vulnerable Library)
kind-of-5.1.0.tgz
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz
Path to dependency file: /tmp/ws-scm/binr/package.json
Path to vulnerable library: /tmp/ws-scm/binr/node_modules/is-descriptor/node_modules/kind-of/package.json
Dependency Hierarchy: - jest-24.9.0.tgz (Root Library) - jest-cli-24.9.0.tgz - core-24.9.0.tgz - micromatch-3.1.10.tgz - snapdragon-0.8.2.tgz - define-property-0.2.5.tgz - is-descriptor-0.1.6.tgz - :x: **kind-of-5.1.0.tgz** (Vulnerable Library)
Found in HEAD commit: 1dfb899bd2a15de733e51be20e8a2071dc471aee
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Publish Date: 2019-12-30
URL: CVE-2019-20149
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here