Vulnerabilities > CVE-2021-23328 - Unspecified vulnerability in Iniparserjs Project Iniparserjs

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

iniparserjs-project

NVD

Published: 2021-01-29

Updated: 2021-02-04

Summary

This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Vulnerable Configurations

Part	Description	Count
Application	Iniparserjs_Project Iniparserjs Project Iniparserjs *	1

References

https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989
https://www.npmjs.com/package/iniparserjs