27 matches found
EUVD-2021-0772
Malware in sbrugna...
EUVD-2021-0823
Malware in sbrugna...
Prototype Pollution in multi-ini
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...
@ubleipzig/autoconfig (>=2.1.0 <=2.3.1), cardinalkeeper (>=0.0.2 <=0.0.5) +11 more potentially affected by CVE-2020-28448 via multi-ini (>=0.4.1 <=2.1.0)
multi-ini NPM version =0.4.1, =2.1.0, =0.0.2, =2.7.0, =1.0.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.7 Source cves: CVE-2020-28448 Source advisory: OSV:GHSA-G78F-549W-C354...
GHSA-G78F-549W-C354 Prototype Pollution in multi-ini
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...
@ubleipzig/autoconfig (>=2.1.0 <=2.3.1), cardinalkeeper (>=0.0.2 <=0.0.5) +11 more potentially affected by CVE-2020-28460 via multi-ini (>=0.4.1 <=2.1.0)
multi-ini NPM version =0.4.1, =2.1.0, =0.0.2, =2.7.0, =1.0.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.7 Source cves: CVE-2020-28460 Source advisory: OSV:GHSA-67MQ-H2R9-RH2M...
GHSA-67MQ-H2R9-RH2M Prototype pollution in multi-ini
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...
Prototype pollution in multi-ini
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...
Prototype Pollution
multi-ini is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
multi-ini is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype by specifying the constructor.proto object as part of an array. This vulnerability exists due to bypass of the...
CVE-2020-28448
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...
CVE-2020-28460
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...
CVE-2020-28460
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...
CVE-2020-28448
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...
Code injection
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...
Type confusion
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...
CVE-2020-28448
CVE-2020-28448 affects the multi-ini package (before 2.1.1). It enables prototype pollution by placing the proto object in an array, allowing modification of object prototypes. Related advisory entries (GHSA: prototype pollution in multi-ini) and OSV/NVD stanzas confirm the same underlying issue ...
CVE-2020-28448 Prototype Pollution
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...
CVE-2020-28460
CVE-2020-28460 affects the multi-ini package (versions before 2.1.2). The issue is prototype pollution: an attacker can pollute an object’s prototype by placing the proto/constructor.proto object inside an array, bypassing CVE-2020-28448. Connected advisories confirm this vulnerability and link t...
PT-2020-17012 · Multi-Ini · Multi-Ini
Name of the Vulnerable Software and Affected Versions: multi-ini versions prior to 2.1.1 Description: The issue allows an object's prototype to be polluted by specifying the proto object as part of an array. This can potentially lead to unintended behavior or security issues. Recommendations: For...