← Retour aux CVEs
CVE-2020-28441
HIGH7.3
Description
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.
Details CVE
Score CVSS v3.17.3
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie7/25/2022
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
conf-cfg-ini_project:conf-cfg-ini
Faiblesses (CWE)
CWE-1321
References
https://github.com/loge5/conf-cfg-ini/commit/3a88a6c52c31eb6c0f033369eed40aa168a636ea(report@snyk.io)
https://security.snyk.io/vuln/SNYK-JS-CONFCFGINI-1048973(report@snyk.io)
https://github.com/loge5/conf-cfg-ini/commit/3a88a6c52c31eb6c0f033369eed40aa168a636ea(af854a3a-2127-422b-91ae-364da2661108)
https://security.snyk.io/vuln/SNYK-JS-CONFCFGINI-1048973(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.