Home

CVE-2020-7788

Description

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.287

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.15Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.11Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 11.1Windows
Vulnerabilities CVE-2020-4576,CVE-2020-7788 are affected in IBM App Connect Enterprise 11.0.0.11Windows
(RHSA-2021:0549) nodejs:12 security update nodejs-nodemon-2.0.3-1.module+el8.3.0+9715+1718613f.noarch.rpmLinux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-14.15.4-2.module+el8.3.0+9635+ffdf8381.x86_64.rpmLinux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-debugsource-14.15.4-2.module+el8.3.0+9635+ffdf8381.x86_64.rpmLinux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-devel-14.15.4-2.module+el8.3.0+9635+ffdf8381.x86_64.rpmLinux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-docs-14.15.4-2.module+el8.3.0+9635+ffdf8381.noarch.rpmLinux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-full-i18n-14.15.4-2.module+el8.3.0+9635+ffdf8381.x86_64.rpmLinux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-nodemon-2.0.3-1.module+el8.3.0+6519+9f98ed83.noarch.rpmLinux
(RHSA-2021:0551) nodejs:14 security and bug fix update nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpmLinux
(RHSA-2021:0551) nodejs:14 security and bug fix update npm-6.14.10-1.14.15.4.2.module+el8.3.0+9635+ffdf8381.x86_64.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-16.13.1-3.module+el8.5.0+13548+45d748af.x86_64.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-debugsource-16.13.1-3.module+el8.5.0+13548+45d748af.x86_64.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-devel-16.13.1-3.module+el8.5.0+13548+45d748af.x86_64.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-docs-16.13.1-3.module+el8.5.0+13548+45d748af.noarch.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-full-i18n-16.13.1-3.module+el8.5.0+13548+45d748af.x86_64.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-nodemon-2.0.15-1.module+el8.5.0+13548+45d748af.noarch.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update npm-8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64.rpmLinux
Nodejs update (ELSA-2021-5171) nodejs-16.13.1-3.0.1.module+el8.5.0+20457+52828f44.x86_64.rpmLinux
Nodejs-devel update (ELSA-2021-5171) nodejs-devel-16.13.1-3.0.1.module+el8.5.0+20457+52828f44.x86_64.rpmLinux
Nodejs-docs update (ELSA-2021-5171) nodejs-docs-16.13.1-3.0.1.module+el8.5.0+20457+52828f44.noarch.rpmLinux
Nodejs-full-i18n update (ELSA-2021-5171) nodejs-full-i18n-16.13.1-3.0.1.module+el8.5.0+20457+52828f44.x86_64.rpmLinux
Nodejs-nodemon update (ELSA-2021-5171) nodejs-nodemon-2.0.15-1.module+el8.5.0+20457+52828f44.noarch.rpmLinux
Nodejs-packaging update (ELSA-2021-5171) nodejs-packaging-25-1.module+el8.5.0+20388+4b61e68d.noarch.rpmLinux
Npm update (ELSA-2021-5171) npm-8.1.2-1.16.13.1.3.0.1.module+el8.5.0+20457+52828f44.x86_64.rpmLinux
Nodejs update (ELSA-2022-0350) nodejs-14.18.2-2.module+el8.5.0+20489+261d51d3.x86_64.rpmLinux
Nodejs-devel update (ELSA-2022-0350) nodejs-devel-14.18.2-2.module+el8.5.0+20489+261d51d3.x86_64.rpmLinux
Nodejs-docs update (ELSA-2022-0350) nodejs-docs-14.18.2-2.module+el8.5.0+20489+261d51d3.noarch.rpmLinux
Nodejs-full-i18n update (ELSA-2022-0350) nodejs-full-i18n-14.18.2-2.module+el8.5.0+20489+261d51d3.x86_64.rpmLinux
Nodejs-nodemon update (ELSA-2022-0350) nodejs-nodemon-2.0.15-1.module+el8.5.0+20489+261d51d3.noarch.rpmLinux
Nodejs-packaging update (ELSA-2022-0350) nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpmLinux
Npm update (ELSA-2022-0350) npm-6.14.15-1.14.18.2.2.module+el8.5.0+20489+261d51d3.x86_64.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update nodejs-14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update nodejs-debugsource-14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update nodejs-devel-14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update nodejs-docs-14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update nodejs-full-i18n-14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update nodejs-nodemon-2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update npm-6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64.rpmLinux
Nodejs update (ELSA-2022-6595) nodejs-16.16.0-1.el9_0.x86_64.rpmLinux
Nodejs-docs update (ELSA-2022-6595) nodejs-docs-16.16.0-1.el9_0.noarch.rpmLinux
Nodejs-full-i18n update (ELSA-2022-6595) nodejs-full-i18n-16.16.0-1.el9_0.x86_64.rpmLinux
Nodejs-libs update (ELSA-2022-6595) nodejs-libs-16.16.0-1.el9_0.i686.rpmLinux
Nodejs-libs update (ELSA-2022-6595) nodejs-libs-16.16.0-1.el9_0.x86_64.rpmLinux
Nodejs-nodemon update (ELSA-2022-6595) nodejs-nodemon-2.0.19-1.el9_0.noarch.rpmLinux
Npm update (ELSA-2022-6595) npm-8.11.0-1.16.16.0.1.el9_0.x86_64.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-16.16.0-1.el9_0.x86_64.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-debugsource-16.16.0-1.el9_0.i686.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-debugsource-16.16.0-1.el9_0.x86_64.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-docs-16.16.0-1.el9_0.noarch.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-full-i18n-16.16.0-1.el9_0.x86_64.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-libs-16.16.0-1.el9_0.i686.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-libs-16.16.0-1.el9_0.x86_64.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-nodemon-2.0.19-1.el9_0.noarch.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update npm-8.11.0-1.16.16.0.1.el9_0.x86_64.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-debuginfo-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-debugsource-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-devel-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-docs-10.23.1-1.module+el8.3.0+9502+012d8a97.noarch.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-full-i18n-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpmLinux
(RHSA-2021:0548)Moderate: security update npm-6.14.10-1.10.23.1.1.module+el8.3.0+9502+012d8a97.x86_64.rpmLinux
Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) Vulnerability (CVE-2020-7788)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234