27 matches found
Evangelion1204 Multi-ini Resource Management Error Vulnerability
Evangelion1204 Multi-ini is Evangelion1204 individual developers of a Javascript-based language written for Ini configuration file parsing code library . The code base supports compatibility with the Zend file format. A security vulnerability exists in versions prior to multi-ini 2.1.2, which ste...
PT-2020-17015 · Multi-Ini · Multi-Ini
Name of the Vulnerable Software and Affected Versions: multi-ini versions prior to 2.1.2 Description: The issue allows an object's prototype to be polluted by specifying the constructor.proto object as part of an array, effectively bypassing a previous security measure. Recommendations: For...
PT-2020-17012 · Multi-Ini · Multi-Ini
Name of the Vulnerable Software and Affected Versions: multi-ini versions prior to 2.1.1 Description: The issue allows an object's prototype to be polluted by specifying the proto object as part of an array. This can potentially lead to unintended behavior or security issues. Recommendations: For...
eslint-plugin-mozilla (>=2.7.0 <=2.9.2), gatsby (>=2.24.6-telemetry-test.19 <=2.24.6-telemetry-test.20) +3 more potentially affected by CVE-2020-28448 +1 more via multi-ini (=2.1.0)
multi-ini NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on multi-ini and may be impacted: - eslint-plugin-mozilla =2.7.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19,...
Prototype Pollution in evangelion1204/multi-ini
Description multi-ini is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC and INI files: // poc.js const ini = require'multi-ini'; console.log"Before : " + .polluted; var content = ini.read'./payload.ini'; console.log"After : " + .polluted; //payload.ini constructor...
eslint-plugin-mozilla (>=2.7.0 <=2.9.2), gatsby (>=2.24.6-telemetry-test.19 <=2.24.6-telemetry-test.20) +3 more potentially affected by CVE-2020-28448 via multi-ini (=2.1.0)
multi-ini NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on multi-ini and may be impacted: - eslint-plugin-mozilla =2.7.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19,...
Prototype Pollution
Overview multi-ini is an ini-file parser which supports multi line, multiple levels and arrays to get a maximum of compatibility with Zend config files. Affected versions of this package are vulnerable to Prototype Pollution. It is possible to pollute an object's prototype by specifying the proto...