Source: node-ini Version: 1.3.5-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for node-ini. CVE-2020-7788[0]: | This affects the package ini before 1.3.6. If an attacker submits a | malicious INI file to an application that parses it with ini.parse, | they will pollute the prototype on the application. This can be | exploited further depending on the context. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-7788 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788 [1] https://snyk.io/vuln/SNYK-JS-INI-1048974 [2] https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 Regards, Salvatore
