3 matches found
CVE-2020-28462
creationtimestamp| type| source ---|---|--- 2022-07-25 18:33:26+00:00| seen| https://t.me/cibsecurity/46922...
CVE-2020-28462 Prototype Pollution
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
@arnau/gatsby-transformer-toml (>=1.0.0 <=1.0.2) potentially affected by CVE-2020-28462 via ion-parser (=0.5.2)
ion-parser NPM version =0.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on ion-parser and may be impacted: - @arnau/gatsby-transformer-toml =1.0.0, =1.0.2 Source cves: CVE-2020-28462 Source advisory: SNYK:JS-IONPARSER-1048971...