RSS   Vulnerabilities for 'Multi-ini'   RSS

2020-12-22
 
CVE-2020-28460

CWE-400
 

 
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.

 
 
CVE-2020-28448

CWE-400
 

 
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array.

 


Copyright 2024, cxsecurity.com

 

Back to Top