GHSA-m6mg-jvjf-w44x

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-m6mg-jvjf-w44x/GHSA-m6mg-jvjf-w44x.json
Aliases
  • CVE-2020-28441
Published
2022-07-26T00:01:06Z
Modified
2022-08-04T21:25:33Z
Details

This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.

References

Affected packages

npm / conf-cfg-ini

conf-cfg-ini

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
1.2.2

Affected versions