Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-0772

Malware in sbrugna...

8.1CVSS8.5AI score0.01517EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2021/04/13 3:23 p.m.8 views

@ubleipzig/autoconfig (>=2.1.0 <=2.3.1), cardinalkeeper (>=0.0.2 <=0.0.5) +11 more potentially affected by CVE-2020-28448 via multi-ini (>=0.4.1 <=2.1.0)

multi-ini NPM version =0.4.1, =2.1.0, =0.0.2, =2.7.0, =1.0.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.7 Source cves: CVE-2020-28448 Source advisory: OSV:GHSA-G78F-549W-C354...

9.8CVSS7.2AI score0.01425EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/04/13 3:23 p.m.95 views

Prototype pollution in multi-ini

This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...

8.1CVSS8.7AI score0.01517EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/04/13 3:23 p.m.21 views

GHSA-67MQ-H2R9-RH2M Prototype pollution in multi-ini

This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...

5.6CVSS8.7AI score0.01517EPSS
Exploits1References3
Veracode
Veracode
added 2020/12/23 2:13 a.m.23 views

Prototype Pollution

multi-ini is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype by specifying the constructor.proto object as part of an array. This vulnerability exists due to bypass of the...

9.8CVSS3.8AI score0.01517EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2020/12/22 1:15 p.m.19 views

CVE-2020-28448

This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...

9.8CVSS6.5AI score0.01425EPSS
Exploits1References2
OSV
OSV
added 2020/12/22 1:15 p.m.5 views

CVE-2020-28448

This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...

9.8CVSS5.8AI score0.01425EPSS
Exploits1References2
Prion
Prion
added 2020/12/22 1:15 p.m.21 views

Type confusion

This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...

7.5CVSS8.8AI score0.01517EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2020/12/22 1:5 p.m.30 views

CVE-2020-28448 Prototype Pollution

This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...

5.6CVSS7.4AI score0.01425EPSS
Exploits1References2
CVE
CVE
added 2020/12/22 1:5 p.m.51 views

CVE-2020-28448

CVE-2020-28448 affects the multi-ini package (before 2.1.1). It enables prototype pollution by placing the proto object in an array, allowing modification of object prototypes. Related advisory entries (GHSA: prototype pollution in multi-ini) and OSV/NVD stanzas confirm the same underlying issue ...

9.8CVSS7.2AI score0.01425EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2020/12/20 4:44 p.m.4 views

eslint-plugin-mozilla (>=2.7.0 <=2.9.2), gatsby (>=2.24.6-telemetry-test.19 <=2.24.6-telemetry-test.20) +3 more potentially affected by CVE-2020-28448 +1 more via multi-ini (=2.1.0)

multi-ini NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on multi-ini and may be impacted: - eslint-plugin-mozilla =2.7.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19,...

9.8CVSS7.2AI score0.01517EPSS
Exploits2
Rows per page
Query Builder