EUVD-2022-6287

Malicious code in bioql PyPI...

Prototype Pollution

ion-parser is vulnerable to prototype pollution. A remote attacker is able to pollute object creations by passing a crafted malicious payload to parse function via a crafted INI file...

ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`

This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...

@arnau/gatsby-transformer-toml (>=1.0.0 <=1.0.2) potentially affected by CVE-2020-28462 via ion-parser (=0.5.2)

ion-parser NPM version =0.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on ion-parser and may be impacted: - @arnau/gatsby-transformer-toml =1.0.0, =1.0.2 Source cves: CVE-2020-28462 Source advisory: OSV:GHSA-7VRV-5M2H-RJW9...

GHSA-7VRV-5M2H-RJW9 ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`

This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...

CVE-2020-28462

This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...

Code injection

This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...

CVE-2020-28462

ion-parser is affected by prototype pollution when an application uses parse to read a crafted INI file. The issue affects all versions of ion-parser and can pollute the application’s Object.prototype, enabling further exploitation depending on context. Public writeups and security feeds (e.g., S...

PT-2022-8904 · Unknown · Ion-Parser

Name of the Vulnerable Software and Affected Versions: ion-parser versions all Description: The issue affects the ion-parser package, where an attacker can submit a malicious INI file to an application that uses the parse function, leading to prototype pollution on the application. This can be...

ion-parser 安全漏洞

ion-parser is 418sec open source one of the fastest and lightest Javascript parser for TOML and ION files . A security vulnerability exists in ion-parser that stems from the package's susceptibility to prototype contamination, which can be exploited by an attacker to submit malicious INI files to...

@arnau/gatsby-transformer-toml (>=1.0.0 <=1.0.2) potentially affected by CVE-2020-28462 via ion-parser (=0.5.2)

ion-parser NPM version =0.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on ion-parser and may be impacted: - @arnau/gatsby-transformer-toml =1.0.0, =1.0.2 Source cves: CVE-2020-28462 Source advisory: SNYK:JS-IONPARSER-1048971...

Prototype Pollution

Overview ion-parser is a The fastest and lightest parser for TOML and ION files, an alternative to JSON or YAML file formats. Affected versions of this package are vulnerable to Prototype Pollution. If an attacker submits a malicious INI file to an application that parses it with parse , they wil...