exploitDog

CVE-2021-23328

Опубликовано: 29 янв. 2021

Источник: nvd

CVSS3: 5.6

CVSS2: 6.8

EPSS Низкий

Описание

This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Ссылки

https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989
Exploit
Third Party Advisory
https://www.npmjs.com/package/iniparserjs
Product
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989
Exploit
Third Party Advisory
https://www.npmjs.com/package/iniparserjs
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iniparserjs_project:iniparserjs:*:*:*:*:*:node.js:*:*

EPSS

Процентиль: 51%

0.00282

Низкий

5.6 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-2f6g-w5gj-c93h

CVSS3: 5.6

github

почти 5 лет назад

Prototype Pollution in iniparserjs

EPSS

Процентиль: 51%

0.00282

Низкий

5.6 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other