SB2021012914 - Prototype pollution in IniParser.js

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021012914

SB2021012914 - Prototype pollution in IniParser.js

Published: January 29, 2021 Updated: June 28, 2023

Security Bulletin ID SB2021012914
CSH Severity
Medium
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Prototype pollution (CVE-ID: CVE-2021-23328)

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References