Lucene search

K
osvGoogleOSV:CVE-2020-28460
HistoryDec 22, 2020 - 1:15 p.m.

CVE-2020-28460

2020-12-2213:15:12
Google
osv.dev
2

6.6 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

This affects the package multi-ini before 2.1.2. It is possible to pollute an object’s prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.

6.6 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%