CVE-2025-63703

Published May 7th, 2026

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

1

PROJECT

Description

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js().

Parse ini file to get the content and variables of the ini file as node object.

NPM