parse-ini 安全漏洞

parse-ini is a INI configuration file parsing library developed by the individual developer at pein-consulting.de. Version 1.0.6 of parse-ini contains a security vulnerability, which stems from prototype pollution in the index.js file...

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

37fis (>=1.0.0 <=1.0.2), 3loc (>=0.2.0 <=0.4.0) +1853 more potentially affected by CVE-2020-7788 via ini (>=1.0.0 <=1.3.5)

ini NPM version =1.0.0, =1.0.0, =0.2.0, =1.0.1, =0.13.31, =0.0.17, =1.0.0, =1.0.0, =6.1.3, =1.0.99, =0.0.1-beta.2, =0.0.1-beta.2, =0.0.1-beta.2, =6.2.9, =11.1.0-next.2 and more Source cves: CVE-2020-7788 Source advisory: OSV:GHSA-QQGX-2P2H-9C37...

PT-2020-6064 · Ini +6 · Ini +6

Name of the Vulnerable Software and Affected Versions: ini versions prior to 1.3.6 Description: The issue is related to an uncontrolled modification of object prototype attributes in the ini library. This can be exploited by submitting a malicious INI file to an application that parses it with...