This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| ini(npm) | 0 | 1.3.6 | N/A |
CVSS Metrics
