15 matches found
EUVD-2025-134629
Malicious code in analua-aki-ini npm...
EUVD-2025-122164
Malicious code in sedna-centaurus-algol-ini npm...
EUVD-2020-1502
Malware in sbrugna...
MAL-2025-20813 Malicious code in foundation-ariel-canopus-ini (npm)
The package foundation-ariel-canopus-ini was found to contain malicious code...
SUSE CVE-2020-7788
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28461
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28461 Prototype Pollution
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
Oracle Linux 8 : nodejs:16 (ELSA-2021-5171)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-5171 advisory. - Resolves CVE-2020-28469 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...
CVE-2020-28448 Prototype Pollution
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array...
DEBIAN-CVE-2020-7788
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-7788
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-7788
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-7788
CVE-2020-7788 affects the ini package before 1.3.6. An attacker can submit a malicious INI file parsed by ini.parse, polluting the application’s prototype and potentially enabling further exploitation depending on context. Remediation: upgrade to ini 1.3.6 or newer.
GHSA-QQGX-2P2H-9C37 ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
Overview The ini npm package before version 1.3.6 has a Prototype Pollution vulnerability. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. Patch...
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
Overview The ini npm package before version 1.3.6 has a Prototype Pollution vulnerability. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. Patch...