This affects versions of the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype in the application. Depending on the context, this can be exploited further.
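The defensive pattern for this class of bug, as an added example that is not conf-cfg-ini's code or its fix: a minimal INI decoder that stores data in null-prototype objects and rejects reserved key names. The names safeDecode, checkKey, tryDecode and FORBIDDEN are hypothetical, and the sample inputs are constructed.

```javascript
// Added example: a minimal INI decoder hardened against prototype pollution.
// NOT conf-cfg-ini's code; all function and constant names here are hypothetical.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

function checkKey(name, lineNo) {
  // Reject names that would resolve to prototype machinery on a plain object.
  if (FORBIDDEN.has(name)) {
    throw new Error(`line ${lineNo}: refusing reserved key "${name}"`);
  }
  return name;
}

function safeDecode(text) {
  // Null-prototype containers: a key can never reach Object.prototype through them.
  const result = Object.create(null);
  let current = result;
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === '' || line.startsWith(';') || line.startsWith('#')) return;
    const section = line.match(/^\[([^\]]+)\]$/);
    if (section) {
      const name = checkKey(section[1].trim(), i + 1);
      // A scalar that shares the section's name is replaced by a fresh container.
      if (typeof result[name] !== 'object') result[name] = Object.create(null);
      current = result[name];
      return;
    }
    const eq = line.indexOf('=');
    if (eq < 1) throw new Error(`line ${i + 1}: expected key=value`);
    const key = checkKey(line.slice(0, eq).trim(), i + 1);
    current[key] = line.slice(eq + 1).trim();
  });
  return result;
}

// Constructed sample inputs (not taken from the advisory).
const BENIGN = '[server]\nhost = example.test\nport = 8080\n';
const HOSTILE = '[__proto__]\npolluted = yes\n';

function tryDecode(text) {
  // Wrap parse errors so callers can log and reject the file.
  try {
    return { ok: true, value: safeDecode(text) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

console.log(tryDecode(BENIGN));
console.log(tryDecode(HOSTILE), 'polluted' in {});
```

Because the returned objects have no prototype, callers should read them with direct property access or Object.keys rather than inherited methods such as hasOwnProperty.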
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2022-07-25T14:06:32.324953Z
Updated: 2024-09-16T18:28:41.240Z
Reserved: 2020-11-12T00:00:00
Link: CVE-2020-28441
NVD
Status : Modified
Published: 2022-07-25T14:15:09.270
Modified: 2024-11-21T05:22:48.643
Link: CVE-2020-28441