Description
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks.
Remediation
References
https://snyk.io/vuln/SNYK-JS-VALIB-559015
https://www.npmjs.com/package/valib
Related Vulnerabilities
CVE-2020-5231 Vulnerability in maven package org.opencastproject:opencast-kernel
CVE-2021-38384 Vulnerability in npm package serverless-offline
CVE-2020-7691 Vulnerability in maven package org.webjars.bower:jspdf
CVE-2018-18853 Vulnerability in maven package io.spray:spray-json_2.12
CVE-2023-34603 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent