2 matches found
GHSA-RRC9-GQF8-8RWG Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited furth...
Amazon Aws-sdk-js Security Vulnerability
Amazon Aws-sdk-js is a Javascript-based development kit for AWS service support for nodejs applications from Amazon.com, Inc. A security vulnerability exists in Amazon Aws-sdk-js before 1.0.0-rc.9, which can be exploited by an attacker to submit a malicious INI file to an application for further...