Description
This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
Remediation
References
https://www.npmjs.com/package/iniparserjs
https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989
Related Vulnerabilities
CVE-2022-24901 Vulnerability in npm package parse-server
CVE-2023-48910 Vulnerability in maven package io.github.microcks:microcks
CVE-2022-24376 Vulnerability in npm package git-promise
CVE-2021-32013 Vulnerability in npm package xlsx
CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war