Description

This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Remediation

References

https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989

https://www.npmjs.com/package/iniparserjs

Related Vulnerabilities

CVE-2020-7760 Vulnerability in maven package org.webjars.bower:codemirror

CVE-2022-0350 Vulnerability in npm package vditor

CVE-2023-29199 Vulnerability in npm package vm2

CVE-2021-42357 Vulnerability in maven package org.apache.knox:gateway-service-knoxsso

CVE-2023-33246 Vulnerability in maven package org.apache.rocketmq:rocketmq-namesrv

Severity

Critical

Tags

Exploit Third Party Advisory Product NVD-CWE-Other