5 matches found
CVE-2020-28472 Prototype Pollution
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited furth...
CVE-2020-28472
Prototype Pollution vulnerability CVE-2020-28472 affects @aws-sdk/shared-ini-file-loader (< 1.0.0-rc.9) and aws-sdk (
0.workspace (>=0.1.0 <=0.1.1), 18a58t9c-upload (>=1.0.0 <=1.0.3) +17847 more potentially affected by CVE-2020-28472 via aws-sdk (>=2.0.0-rc1 <=2.813.0)
aws-sdk NPM version =2.0.0-rc1, =0.1.0, =1.0.0, =0.21.0, =1.0.0, =1.0.0, =0.1.0, =3.6.0, =0.0.2, =0.3.0, =0.1.0, =0.5.0 and more Source cves: CVE-2020-28472 Source advisory: SNYK:JS-AWSSDK-1059424...
@alwaysai/serverless-component (>=1.19.0 <=1.19.2), @andre.bonna/serverless-next.js (=1.14.1) +318 more potentially affected by CVE-2020-28472 via @aws-sdk/shared-ini-file-loader (>=1.0.0-beta.4 <=1.0.0-rc.8)
@aws-sdk/shared-ini-file-loader NPM version =1.0.0-beta.4, =1.19.0, =1.2.19-preview.112, =1.0.38-preview.116, =1.0.1-preview.0, =1.0.1-preview.0, =1.2.27-preview.116, =1.0.29-preview.139, =1.0.29-preview.139, =1.0.9-preview.5387, =1.0.32-preview.139, =1.2.1-ui-preview.54, =1.0.30-preview.139,...
JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)
The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...