Description

This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Remediation

References

https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989

https://www.npmjs.com/package/iniparserjs

Related Vulnerabilities

CVE-2022-21191 Vulnerability in npm package global-modules-path

CVE-2020-36379 Vulnerability in npm package aaptjs

CVE-2022-24196 Vulnerability in maven package com.itextpdf:itext7-core

CVE-2022-25878 Vulnerability in maven package org.webjars.npm:protobufjs

CVE-2023-33695 Vulnerability in maven package cn.hutool:hutool-core

Severity

Critical

Tags

Exploit Third Party Advisory Product NVD-CWE-Other