CVE-2019-10805: 
JavaScript vulnerability analysis and mitigation

The vulnerability CVE-2019-10805 affects valib through version 2.0.0, a standalone JavaScript library designed for validation. The vulnerability was discovered and disclosed on February 28, 2020, by security researcher Feng Xiao (xiaofen9). The issue allows Internal Property Tampering in the validation functions of the library (Snyk Advisory).

The vulnerability stems from the library's unsafe usage of the built-in 'hasOwnProperty' function when examining user-input objects. The library uses this function directly from potentially unsafe user input to examine objects, which creates a security weakness. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating a high severity issue with network attack vector and no required privileges or user interaction (NVD).

When exploited, this vulnerability allows maliciously crafted JavaScript objects to bypass several inspection functions provided by valib. An attacker can overwrite the hasOwnProperty function to manipulate the inspection results, effectively bypassing security checks implemented using the library (Snyk Advisory).

Currently, there is no fixed version available for the valib library. Users are advised to consider alternative validation libraries or implement additional security controls to validate object properties (Snyk Advisory).