|Number of vulnerabilities||1|
|Public exploit||Public exploit code for vulnerability #1 is available.|
Web applications / Modules and components for CMS
This security bulletin contains one medium risk vulnerability.
CWE-400 - Resource exhaustion
Exploit availability: NoDescription
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper input validation in the "__proto__" payload. A remote attacker can send a specially crafted request and add or modify properties of Object.prototype.Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.Vulnerable software versions
node-ini-parser: 0.0.1 - 0.0.2CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?