CVE-2020-28441

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-28441

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28441.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-28441

Aliases

GHSA-m6mg-jvjf-w44x

Published

2022-07-25T14:15:09.270Z

Modified

2025-11-19T17:35:43.378963Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.

References

Affected packages

Git / github.com/loge5/conf-cfg-ini

Affected ranges

Type: GIT
Repo: https://github.com/loge5/conf-cfg-ini
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3a88a6c52c31eb6c0f033369eed40aa168a636ea

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28441.json"