Fluid Attacks Database

Description

Validation Bypass in kind-of Versions of kind-of 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation.

Recommendation

Upgrade to versions 6.0.3 or later.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	node-kind-of	>=0 <6.0.3+dfsg-1	6.0.3+dfsg-1
debian 13	node-kind-of	>=0 <6.0.3+dfsg-1	6.0.3+dfsg-1
debian 14	node-kind-of	>=0 <6.0.3+dfsg-1	6.0.3+dfsg-1
npm	kind-of	>=6.0.0 <6.0.3	6.0.3
debian 12	node-kind-of	>=0 <6.0.3+dfsg-1	6.0.3+dfsg-1
rpm rhel8	nodejs-nodemon	-	-

Aliases

1. CVE-2019-201492. NVD-2019-201493. OSV-DEBIAN-2019-201494. OSV-2019-201495. GCVE-2019-201496. SECURITY-TRACKER-CVE-2019-20149

References

1. https://github.com/mrknowledgshare/testing_cve-2019-201492. https://github.com/jonschlinkert/kind-of/issues/303. https://github.com/jonschlinkert/kind-of/pull/314. https://github.com/jonschlinkert/kind-of/commit/1df992ce6d5a1292048e5fe9c52c5382f941ee0b5. https://www.npmjs.com/advisories/1490