DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CVE-2020-7788

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-7788

Severity

9.8

Critical

CVSS V3

Description

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2020-7788
  • https://github.com/advisories/GHSA-qqgx-2p2h-9c37
  • https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1
  • https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html
  • https://snyk.io/vuln/SNYK-JS-INI-1048974

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal