Lucene search
K

27 matches found

CNNVD
CNNVD
added 2020/12/22 12:0 a.m.9 views

Evangelion1204 Multi-ini Resource Management Error Vulnerability

Evangelion1204 Multi-ini is Evangelion1204 individual developers of a Javascript-based language written for Ini configuration file parsing code library . The code base supports compatibility with the Zend file format. A security vulnerability exists in versions prior to multi-ini 2.1.2, which ste...

8.1CVSS7.4AI score0.01517EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/12/22 12:0 a.m.5 views

PT-2020-17015 · Multi-Ini · Multi-Ini

Name of the Vulnerable Software and Affected Versions: multi-ini versions prior to 2.1.2 Description: The issue allows an object's prototype to be polluted by specifying the constructor.proto object as part of an array, effectively bypassing a previous security measure. Recommendations: For...

8.1CVSS8.4AI score0.01517EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2020/12/22 12:0 a.m.5 views

PT-2020-17012 · Multi-Ini · Multi-Ini

Name of the Vulnerable Software and Affected Versions: multi-ini versions prior to 2.1.1 Description: The issue allows an object's prototype to be polluted by specifying the proto object as part of an array. This can potentially lead to unintended behavior or security issues. Recommendations: For...

9.8CVSS8.8AI score0.01425EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2020/12/20 4:44 p.m.4 views

eslint-plugin-mozilla (>=2.7.0 <=2.9.2), gatsby (>=2.24.6-telemetry-test.19 <=2.24.6-telemetry-test.20) +3 more potentially affected by CVE-2020-28448 +1 more via multi-ini (=2.1.0)

multi-ini NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on multi-ini and may be impacted: - eslint-plugin-mozilla =2.7.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19,...

9.8CVSS7.2AI score0.01517EPSS
Exploits2
Huntr
Huntr
added 2020/12/14 12:0 a.m.44 views

Prototype Pollution in evangelion1204/multi-ini

Description multi-ini is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC and INI files: // poc.js const ini = require'multi-ini'; console.log"Before : " + .polluted; var content = ini.read'./payload.ini'; console.log"After : " + .polluted; //payload.ini constructor...

7.5CVSS2.3AI score0.01425EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2020/12/08 1:2 p.m.5 views

eslint-plugin-mozilla (>=2.7.0 <=2.9.2), gatsby (>=2.24.6-telemetry-test.19 <=2.24.6-telemetry-test.20) +3 more potentially affected by CVE-2020-28448 via multi-ini (=2.1.0)

multi-ini NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on multi-ini and may be impacted: - eslint-plugin-mozilla =2.7.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19,...

9.8CVSS7.2AI score0.01425EPSS
Exploits1
Snyk
Snyk
added 2020/12/08 1:2 p.m.2 views

Prototype Pollution

Overview multi-ini is an ini-file parser which supports multi line, multiple levels and arrays to get a maximum of compatibility with Zend config files. Affected versions of this package are vulnerable to Prototype Pollution. It is possible to pollute an object's prototype by specifying the proto...

9.8CVSS9AI score0.01425EPSS
Exploits1References2
Rows per page
Query Builder