Main Vulnerability Database Vulnerabilities #VU77774

Prototype pollution in IniParser.js - CVE-2021-23328

Published: June 28, 2023

Vulnerability identifier: #VU77774

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-23328

CWE-ID: CWE-1321

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IniParser.js

Software vendor:
tensoar

Description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989
https://www.npmjs.com/package/iniparserjs

Prototype pollution in IniParser.js - CVE-2021-23328

Description

Remediation

External links

Please verify you're human