24 matches found
EUVD-2022-6376
Malicious code in bioql PyPI...
EUVD-2022-6373
Malicious code in bioql PyPI...
EUVD-2022-6287
Malicious code in bioql PyPI...
SUSE CVE-2020-7788
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
Prototype Pollution
conf-cfg-ini is vulnerable to prototype pollution. A malicious INI file can be parsed and decoded as it does not protect the properties such as "proto" to pollute the global object prototype...
Prototype Pollution
js-ini is vulnerable to prototype pollution. The vulnerability exists in parse function in index.ts and parse.ts due to lack of validations which allows an attacker to send malicious INI files on the application to cause a pollution on prototype...
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse`
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
GHSA-M939-VRFP-9V8P js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse`
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
Code injection
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28461 Prototype Pollution
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
conf-cfg-ini 安全漏洞
conf-cfg-ini is a package from the individual developer Rolf Loges in Germany. It uses Node.js to encode and decode conf/cfg/ini-Files. A security vulnerability exists in conf-cfg-ini versions prior to 1.2.2, which stems from the fact that this package is susceptible to prototype contamination; i...
js-ini 安全漏洞
js-ini is a Node.js package for encoding/decoding ini-like strings from the Russian individual developer Denis. A security vulnerability exists in versions of js-ini prior to 1.3.0 that stems from the package's susceptibility to prototype contamination, which can be exploited by an attacker to...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
GHSA-RRC9-GQF8-8RWG Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited furth...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...