valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| valib(npm) | 0 | N/A | N/A |
CVSS Metrics
