11 matches found
EUVD-2021-0772
Malware in sbrugna...
@ubleipzig/autoconfig (>=2.1.0 <=2.3.1), cardinalkeeper (>=0.0.2 <=0.0.5) +11 more potentially affected by CVE-2020-28448 via multi-ini (>=0.4.1 <=2.1.0)
multi-ini NPM version =0.4.1, =2.1.0, =0.0.2, =2.7.0, =1.0.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.7 Source cves: CVE-2020-28448 Source advisory: OSV:GHSA-G78F-549W-C354...
Prototype pollution in multi-ini
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...
GHSA-67MQ-H2R9-RH2M Prototype pollution in multi-ini
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...
Prototype Pollution
multi-ini is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype by specifying the constructor.proto object as part of an array. This vulnerability exists due to bypass of the...
CVE-2020-28448
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...
CVE-2020-28448
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...
Type confusion
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...
CVE-2020-28448 Prototype Pollution
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...
CVE-2020-28448
CVE-2020-28448 affects the multi-ini package (before 2.1.1). It enables prototype pollution by placing the proto object in an array, allowing modification of object prototypes. Related advisory entries (GHSA: prototype pollution in multi-ini) and OSV/NVD stanzas confirm the same underlying issue ...
eslint-plugin-mozilla (>=2.7.0 <=2.9.2), gatsby (>=2.24.6-telemetry-test.19 <=2.24.6-telemetry-test.20) +3 more potentially affected by CVE-2020-28448 +1 more via multi-ini (=2.1.0)
multi-ini NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on multi-ini and may be impacted: - eslint-plugin-mozilla =2.7.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19,...