npm/ini

Releases30

Frequency6 months 3 days

Last Release about 1 month ago

Stars814

An ini parser/serializer in JavaScript

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-7788 ↗	Dec 11, 2020Friday, 11 December 2020, 11:15	7.3 HIGH	7.5 HIGH
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.