3 matches found
CVE-2020-28461
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28461 Prototype Pollution
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28461
CVE-2020-28461 affects the js-ini package before 1.3.0. The vulnerability is a prototype pollution issue in the parse function when parsing untrusted INI-like inputs, enabling an attacker to contaminate the application prototype. Impact is context-dependent and not quantified in all sources, but ...