{"id":"CVE-2019-10805","details":"valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks.","aliases":["GHSA-pmpr-vc5q-h3jw"],"modified":"2026-03-13T22:01:27.924613Z","published":"2020-02-28T21:15:13.180Z","related":["SNYK-JS-VALIB-559015"],"references":[{"type":"ADVISORY","url":"https://www.npmjs.com/package/valib"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JS-VALIB-559015"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/riquito/valib","events":[{"introduced":"0"},{"last_affected":"88cf07ab264b95506d2cc122549ac2eb0062c631"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.0"}]}}],"versions":["1.0.0","2.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10805.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}