Lucene search
GoogleOSV:CVE-2020-28460HistoryDec 22, 2020 - 1:15 p.m.
CVE-2020-28460
2020-12-2213:15:12
Google
osv.dev
2
This affects the package multi-ini before 2.1.2. It is possible to pollute an object’s prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.
Related
cvelist
cvelist
CVE-2020-28460 Prototype Pollution
2020-12-22 00:00:00
CVE-2020-28448 Prototype Pollution
2020-12-22 00:00:00
cve
cve
CVE-2020-28460
2020-12-22 13:15:12
CVE-2020-28448
2020-12-22 13:15:12
prion
prion
Type confusion
2020-12-22 13:15:00
Code injection
2020-12-22 13:15:00
osv
osv
Prototype pollution in multi-ini
2021-04-13 15:23:41
Prototype Pollution in multi-ini
2021-04-13 15:23:59
nvd
nvd
CVE-2020-28460
2020-12-22 13:15:12
CVE-2020-28448
2020-12-22 13:15:12
github
github
Prototype pollution in multi-ini
2021-04-13 15:23:41
Prototype Pollution in multi-ini
2021-04-13 15:23:59
veracode
veracode
Prototype Pollution
2020-12-23 02:13:52
Prototype Pollution
2020-12-23 05:29:42
huntr
huntr
Prototype Pollution in evangelion1204/multi-ini
2020-12-14 00:00:00