EPSS
Percentile
45.7%
iniparserjs is vulnerable to prototype pollution. An attacker can inject arbitrary properties into existing construct prototypes via concatenation of array in ini_parser.js to modify attributes such as __proto__, constructor and prototype.
ini_parser.js
__proto__
constructor
prototype
security-tracker.debian.org/tracker/CVE-2021-23328
www.npmjs.com/package/iniparserjs