Описание
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.
Пакеты
Наименование
conf-cfg-ini
npm
Затронутые версииВерсия исправления
< 1.2.2
1.2.2
Связанные уязвимости
CVSS3: 7.3
nvd
больше 3 лет назад
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.