CVE-2020-7788 (High) detected in https://source.codeaurora.org/quic/le/platform/external/node/v0.10.44, nodev15.11.0 #193
Labels
security vulnerability
Security vulnerability detected by WhiteSource
CVE-2020-7788 - High Severity Vulnerability
Vulnerable Libraries - https://source.codeaurora.org/quic/le/platform/external/node/v0.10.44, nodev15.11.0
Vulnerability Details
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
Publish Date: 2020-12-11
URL: CVE-2020-7788
CVSS 3 Score Details (7.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788
Release Date: 2020-12-11
Fix Resolution: v1.3.6
The text was updated successfully, but these errors were encountered: