CVE-2020-7788

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-7788

Severity

Unknown

Description

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

References

https://images.chainguard.dev/security/CGA-c3ww-w7xc-fmr9
https://github.com/advisories/GHSA-qqgx-2p2h-9c37
https://images.chainguard.dev/security/CGA-qv4f-vf9x-4r73
https://images.chainguard.dev/security/CGA-gf5w-3rv9-3r7h
https://images.chainguard.dev/security/CGA-92mc-35x8-ghqf
https://images.chainguard.dev/security/CGA-74mf-2c33-8vxq
https://images.chainguard.dev/security/CGA-5fmw-xjcx-q7wc
https://images.chainguard.dev/security/CGA-p589-237r-ghx7
https://images.chainguard.dev/security/CGA-mvm2-rwv9-h949
https://images.chainguard.dev/security/CGA-xm6f-h9cr-9jm3
https://images.chainguard.dev/security/CGA-q68q-m2v8-xc87
https://images.chainguard.dev/security/CGA-pwh4-6qfc-2vf3
https://images.chainguard.dev/security/CGA-fw4w-56mp-23m5
https://images.chainguard.dev/security/CGA-c8v3-g44f-837g
https://images.chainguard.dev/security/CGA-45pc-xpqw-3mh7
https://images.chainguard.dev/security/CGA-4v49-2p5w-r42h
https://images.chainguard.dev/security/CGA-7vq2-g8cw-32wx
https://images.chainguard.dev/security/CGA-cqw4-r698-2xxm
https://images.chainguard.dev/security/CGA-ww7f-wff7-w4pm
https://images.chainguard.dev/security/CGA-v6wx-fv7w-gf5r
https://images.chainguard.dev/security/CGA-xg23-xggg-v32q
https://images.chainguard.dev/security/CGA-c2xg-973m-87jq
https://images.chainguard.dev/security/CGA-whrr-fgv9-hv3j
https://images.chainguard.dev/security/CGA-g64w-ghrp-7mcg
https://images.chainguard.dev/security/CGA-8897-jcr7-vgg4
https://images.chainguard.dev/security/CGA-m36h-m34x-4mm6
https://snyk.io/vuln/SNYK-JS-INI-1048974
https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html
https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1
https://security-tracker.debian.org/tracker/CVE-2020-7788

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2020-7788

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources