This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse
, they will pollute the prototype on the application. This can be exploited further depending on the context.
{ "github_reviewed": true, "cwe_ids": [ "CWE-1321" ], "severity": "CRITICAL", "github_reviewed_at": "2022-08-06T09:35:43Z", "nvd_published_at": "2022-07-25T14:15:00Z" }