MidnightBSD

Advisories for multi-ini_project

CVE-2020-28448 HIGH

This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1321,

Products Affected

Vendor Product Version
multi-ini_project multi-ini *
CVE-2020-28460 HIGH

This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1321,

Products Affected

Vendor Product Version
multi-ini_project multi-ini *