CVE-2020-7788

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-7788
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7788.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-7788
Aliases
Downstream
Related
Published
2020-12-11T11:15:11.447Z
Modified
2026-03-13T21:59:39.375451Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

References

Affected packages

Git / github.com/npm/ini

Affected ranges

Type
GIT
Repo
https://github.com/npm/ini
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2da90391ef70db41d10f013e3a87f9a8c5d01a72
Fixed
56d2805e07ccd94e2ba0984ac9240ff02d44b6f1
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.3.6"
        }
    ]
}

Affected versions

1.*
1.0.0
1.0.1
1.0.2
v1.*
v1.0.3
v1.0.4
v1.0.5
v1.1.0
v1.2.0
v1.2.1
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7788.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]