Control: tags -1 + confirmed On Sat, 2020-12-19 at 20:53 +0100, Xavier Guimard wrote: > node-ini is vulnearable to CVE-2020-7788: if an attacker submits a > malicious > INI file to an application that parses it with ini.parse, they will > pollute > the prototype on the application. This can be exploited further > depending > on the context. (#977718)
Please go ahead. Regards, Adam
