CVE-2020-28460

Published December 22nd, 2020

View on NVD ↗

CVSS v3

5.6

MEDIUM

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.

evangelion1204/multi-ini

Read multilevel and multiline ini files in compatible with Zend.

GitHub