Description

This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Remediation

References

https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989

https://www.npmjs.com/package/iniparserjs

Related Vulnerabilities

CVE-2015-2080 Vulnerability in maven package org.eclipse.jetty:jetty-http

CVE-2015-6584 Vulnerability in maven package org.webjars.npm:datatables

CVE-2020-14966 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign

CVE-2020-2231 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-50449 Vulnerability in maven package com.jfinal:jfinal

Severity

Critical

Tags

Exploit Third Party Advisory Product NVD-CWE-Other