PT-2022-8904 · Unknown · Ion-Parser

Eugene Lim · Published 2022-07-25 · Updated 2022-08-01 · CVE-2020-28462

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ion-parser, all versions
Description: The issue affects the ion-parser package. An attacker can submit a malicious INI file to an application that passes it to the parse function, leading to prototype pollution in that application. Depending on the context, this can be exploited further.
Recommendations: For all versions of ion-parser, consider disabling the parse function until a patch is available to prevent prototype pollution attacks. Restrict the use of ion-parser to minimize the risk of exploitation. Avoid using ion-parser to parse untrusted INI files until the issue is resolved.
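As an added illustration of the mitigation (this is not ion-parser's own code and does not reproduce its internals), the following minimal INI parser maps sections and keys onto an object the way a naive parser does, but builds null-prototype objects and refuses the property names through which such parsers reach Object.prototype. The INI text used in the check is constructed.

```javascript
// Added example, not ion-parser's code: an INI-to-object parser hardened
// against prototype pollution. Sample input below is constructed.

const DANGEROUS_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function assertSafeKey(name, where) {
  // Reject names that would walk up the prototype chain when used as keys.
  if (DANGEROUS_KEYS.has(name)) {
    throw new Error(`refusing unsafe ${where} name: ${name}`);
  }
}

function parseIni(text) {
  // Null-prototype objects carry no inherited __proto__ setter to hijack.
  const result = Object.create(null);
  let current = result;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith(";") || line.startsWith("#")) continue;
    const section = line.match(/^\[(.+)\]$/);
    if (section) {
      const name = section[1].trim();
      assertSafeKey(name, "section");
      if (!Object.hasOwn(result, name)) result[name] = Object.create(null);
      current = result[name];
      continue;
    }
    const eq = line.indexOf("=");
    if (eq < 0) throw new Error(`malformed line: ${line}`);
    const key = line.slice(0, eq).trim();
    assertSafeKey(key, "key");
    current[key] = line.slice(eq + 1).trim();
  }
  return result;
}

// True when the parser rejected the input and `marker` is still absent
// from every plain object, i.e. Object.prototype was not touched.
function rejectsAndStaysClean(text, marker) {
  let threw = false;
  try { parseIni(text); } catch (e) { threw = true; }
  return threw && !(marker in {});
}
```

Applications that cannot patch can apply the same two controls around any INI parser they keep using: refuse those three names as section or key names, and copy the parsed result into null-prototype objects before use.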

Exploit · Fix · Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2020-28462
GHSA-7VRV-5M2H-RJW9

Affected Products

Ion-Parser