VDB
DEBIAN-CVE-2020-7788
DEBIAN-CVE-2020-7788
PUBLISHED
CVSS 9.800000190734863 CRITICAL
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | node-ini | 0, 0, 0 |
| Debian:12 | node-ini | 0, 0, 0 |
| Debian:14 | node-ini | 0, 0, 0 |
| Debian:11 | node-ini | 0, 0, 0 |
Timeline
- Dec 11, 2020 CVE Published
- Apr 28, 2026 CVE Updated