Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:28798
HistoryDec 23, 2020 - 2:13 a.m.

Prototype Pollution

2020-12-2302:13:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

0.006 Low

EPSS

Percentile

78.7%

multi-ini is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype by specifying the constructor.proto object as part of an array. This vulnerability exists due to bypass of the fix for CVE-2020-28448.

0.006 Low

EPSS

Percentile

78.7%