EPSS
Percentile
57.1%
conf-cfg-ini is vulnerable to prototype pollution. A malicious INI file can be parsed and decoded as it does not protect the properties such as “proto” to pollute the global object prototype.
github.com/loge5/conf-cfg-ini/commit/3a88a6c52c31eb6c0f033369eed40aa168a636ea