npm package
multi-ini
pkg:npm/multi-ini
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-28448 | — | < 2.1.1 | 2.1.1 | Dec 22, 2020 | This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array. | ||
| CVE-2020-28460 | — | < 2.1.2 | 2.1.2 | Dec 22, 2020 | This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448. |
- CVE-2020-28448Dec 22, 2020affected < 2.1.1fixed 2.1.1
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array.
- CVE-2020-28460Dec 22, 2020affected < 2.1.2fixed 2.1.2
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.