CVE-2020-28460

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions multi-ini versions prior to 2.1.2

Description The issue allows an object's prototype to be polluted by specifying the constructor.proto object as part of an array, effectively bypassing a previous security measure.

Recommendations For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue.

Exploit

Fix

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321

Related Identifiers

CVE-2020-28460

GHSA-67MQ-H2R9-RH2M

SNYK-JS-MULTIINI-1053229

Affected Products

Multi-Ini

CVE-2020-28460

Weakness Enumeration

Related Identifiers

Affected Products

References · 7