Description
This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Remediation
References
https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989
https://www.npmjs.com/package/iniparserjs
Related Vulnerabilities
CVE-2022-21191 Vulnerability in npm package global-modules-path
CVE-2020-36379 Vulnerability in npm package aaptjs
CVE-2022-24196 Vulnerability in maven package com.itextpdf:itext7-core
CVE-2022-25878 Vulnerability in maven package org.webjars.npm:protobufjs
CVE-2023-33695 Vulnerability in maven package cn.hutool:hutool-core