Description

This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Remediation

References

https://www.npmjs.com/package/iniparserjs

https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989

Related Vulnerabilities

CVE-2022-40764 Vulnerability in npm package snyk-go-plugin

CVE-2023-3815 Vulnerability in maven package com.ruoyi:ruoyi

CVE-2022-37423 Vulnerability in maven package org.neo4j.procedure:apoc

CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-master

CVE-2016-10652 Vulnerability in npm package prebuild-lwip

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Product Third Party Advisory Exploit NVD-CWE-Other