evangelion1204/multi-ini

Releases7

Frequency1 year 4 months

Last Release over 3 years ago

Stars11

Read multilevel and multiline ini files in compatible with Zend.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-28448 ↗	Dec 22, 2020Tuesday, 22 December 2020, 13:15	5.6 MEDIUM	7.5 HIGH
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array.
CVE-2020-28460 ↗	Dec 22, 2020Tuesday, 22 December 2020, 13:15	5.6 MEDIUM	7.5 HIGH
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.