jonschlinkert/kind-of

Releases23

Frequency2 months 3 weeks

Last Release over 6 years ago

Stars355

Get the native JavaScript type of a value, fast. Used by superstruct, micromatch and many others!

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-20149 ↗	Dec 30, 2019Monday, 30 December 2019, 19:15	7.5 HIGH	5 MEDIUM
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.