2 matches found
CVE-2020-28460
CVE-2020-28460 affects the multi-ini package (versions before 2.1.2). The issue is prototype pollution: an attacker can pollute an object’s prototype by placing the proto/constructor.proto object inside an array, bypassing CVE-2020-28448. Connected advisories confirm this vulnerability and link t...
CVE-2020-28448
CVE-2020-28448 affects the multi-ini package (before 2.1.1). It enables prototype pollution by placing the proto object in an array, allowing modification of object prototypes. Related advisory entries (GHSA: prototype pollution in multi-ini) and OSV/NVD stanzas confirm the same underlying issue ...